Arbitrary File Deletion Vulnerability in ZengCMS

ZengCMS is a backend management system based on the latest TP6.0.x framework and Layui 2.5.x. ZengCMS suffers from an arbitrary file deletion vulnerability, which can be exploited by attackers to delete system files...

CVE-2020-29249

CXUUCMS V3 allows class="layui-input" XSS...

Cxuucms 跨站脚本漏洞

CxuuCms is an easy-to-use, open source PHP+Mysql based content management system. CXUUCMS V3 suffers from a class="layui-input" cross-site scripting vulnerability. No detailed vulnerability details are currently available...

Command execution vulnerability in vaeThink backend Au***.php file

vaeThink is a PHP content management framework built on Layui and tp5. A command execution vulnerability exists in the vaeThink backend Au.php file. An attacker can exploit this vulnerability to gain server privileges...

Command Execution Vulnerability in LzCMS Content Management System Backend

LzCMS is a simple blog system made by ThinkPHP+layui. A command execution vulnerability exists in the backend of LzCMS content management system. Attackers can use this vulnerability to upload Trojan horse files and obtain webshell...

File Upload Vulnerability in LzCMS Content Management System Backend

LzCMS is a blog system developed by ThinkPHP+layui. A file upload vulnerability exists in the background of LzCMS content management system, which can be exploited by attackers to gain control of the web server...

Command execution vulnerability exists in MyuCMS (CNVD-2020-67558)

MyuCMS front-end is built with UIkit framework, back-end is built with layui back-end framework and back-end is developed with PHP+MYSQL. MyuCMS has a command execution vulnerability that can be exploited by attackers to gain server control privileges...

Command execution vulnerability exists in MyuCMS (CNVD-2020-67559)

MyuCMS front-end is built with UIkit framework, back-end is built with layui back-end framework and back-end is developed with PHP+MYSQL. A command execution vulnerability exists in MyuCMS, which can be exploited to gain server privileges...

Command execution vulnerability exists in MyuCMS (CNVD-2020-67557)

MyuCMS front-end is built with UIkit framework, back-end is built with layui back-end framework and back-end is developed with PHP+MYSQL. MyuCMS has a command execution vulnerability that can be exploited by attackers to gain server control privileges...

File Deletion Vulnerability in daozicms V1.4

Daozicms Enterprise Building System is a cms enterprise building system developed by Thinkphp6.0.2+layui-v2.3.0+Mysql5.7. A file deletion vulnerability exists in daozicms V1.4, which can be exploited by attackers to cause a denial of service attack...

XSS Vulnerability in LAYUI MINI Backend Admin Template

LAYUI MINI backend administration template is a set of the most simple and easy to use backend framework template based on Layui. LAYUI MINI backend administration template has an XSS vulnerability that can be exploited by attackers to obtain user cookie information...

File Deletion Vulnerability in CLTPHP Open Source Edition

CLTPHP is a content management system based on ThinkPHP5 development with Layui framework in the backend. CLTPHP open source version exists file deletion vulnerability. An attacker can exploit the vulnerability to delete arbitrary files , resulting in a program crash...

File Inclusion Vulnerability in HisiPHP

HisiPHP is based on ThinkPHP5 + Layui development of a set of free WEB open source framework. HisiPHP has a file inclusion vulnerability. Attackers can use the vulnerability to obtain server privileges...

Command Execution Vulnerability in HisiPHP

HisiPHP is based on ThinkPHP5 + Layui development of a set of free WEB open source framework. HisiPHP has a command execution vulnerability. Attackers can use the vulnerability to obtain server privileges...

Command execution vulnerability exists in HisiPHP (CNVD-2020-48613)

HisiPHP is based on ThinkPHP5 + Layui development of a set of free WEB open source framework. HisiPHP has a command execution vulnerability. Attackers can use the vulnerability to obtain server privileges...

Arbitrary File Deletion Vulnerability in HisiPHP

HisiPHP is based on ThinkPHP5 + Layui development of a set of free WEB open source framework. HisiPHP has an arbitrary file deletion vulnerability. Attackers can use the vulnerability to delete lock files , resulting in system reinstallation...

Command Execution Vulnerability in HisiPHP V2.0.11

HisiPHP is based on ThinkPHP5 + Layui development of a set of free WEB open source framework. HisiPHP V2.0.11 has a command execution vulnerability that can be exploited by an attacker to gain server privileges...

XSS Vulnerability in My-Blog-layui

My-Blog-layui by SpringBoot + Layui + Mybatis + Thymeleaf and other technologies to achieve the Java blog system . My-Blog-layui has an XSS vulnerability that can be exploited by attackers to obtain sensitive information such as user cookies...

SQL Injection Vulnerability in LaySNS of Wuhan Classen Technology Co. Ltd (CNVD-2020-30205)

Laysns using Think + Layui as the technical basis for development, using the OOP approach to the basic operation of the framework to build, modular development approach to do for the form of functional development. Wuhan class Sen Technology Co., Ltd. LaySNS SQL injection vulnerability, attackers...

Command Execution Vulnerability in Hisiphp V2.0.10

HisiPHP based on ThinkPHP5 + Layui development of a free WEB open source framework. Hisiphp V2.0.10 there is a command execution vulnerability , an attacker can exploit the vulnerability to write a configuration file , and the configuration file contains , execute commands...