22 matches found
EUVD-2018-13153
Malware in sbrugna...
CVE-2018-20603
Lei Feng TV CMS aka LFCMS 3.8.6 allows admin.php?s=/Member/add.html CSRF...
CVE-2018-20604
Lei Feng TV CMS aka LFCMS 3.8.6 allows Directory Traversal via crafted use of .. in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/web........1.txt.html URI to read the 1.txt file...
CVE-2018-20602
Lei Feng TV CMS aka LFCMS 3.8.6 allows full path disclosure via the /install.php?s=/1 URI...
LFCMS Information Disclosure Vulnerability
Lei Feng TV CMS aka LFCMS is a video-on-demand system developed using PHP and MySQL. A security vulnerability exists in LFCMS version 3.8.6. An attacker can exploit the vulnerability to disclose the full path with the help of /install.php?s=/1 URI...
LFCMS Cross-Site Request Forgery Vulnerability (CNVD-2019-00992)
Lei Feng TV CMS aka LFCMS is a video-on-demand system developed using PHP and MySQL. A cross-site request forgery vulnerability exists in the admin.php?s=/Member/add.html page in LFCMS version 3.8.6. A remote attacker can exploit this vulnerability to perform unauthorized operations...
LFCMS Directory Traversal Vulnerability
Lei Feng TV CMS aka LFCMS is a video-on-demand system developed using PHP and MySQL. LFCMS version 3.8.6 of http://www.a.com:84/admin.php?s=/Template/index.html页面存在目录遍历漏洞. An attacker can exploit this vulnerability with the help of the '...' sequence in the Template/edit/path URIs. ' sequence in...
CVE-2018-20604
Lei Feng TV CMS aka LFCMS 3.8.6 allows Directory Traversal via crafted use of .. in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/web........1.txt.html URI to read the 1.txt file...
Directory traversal
Lei Feng TV CMS aka LFCMS 3.8.6 allows Directory Traversal via crafted use of .. in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/web........1.txt.html URI to read the 1.txt file...
Path traversal
Lei Feng TV CMS aka LFCMS 3.8.6 allows full path disclosure via the /install.php?s=/1 URI...
CVE-2018-20603
Lei Feng TV CMS aka LFCMS 3.8.6 allows admin.php?s=/Member/add.html CSRF...
CVE-2018-20604
Lei Feng TV CMS aka LFCMS 3.8.6 allows Directory Traversal via crafted use of .. in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/web........1.txt.html URI to read the 1.txt file...
Cross site request forgery (csrf)
Lei Feng TV CMS aka LFCMS 3.8.6 allows admin.php?s=/Member/add.html CSRF...
CVE-2018-20602
Lei Feng TV CMS aka LFCMS 3.8.6 allows full path disclosure via the /install.php?s=/1 URI...
CVE-2018-20602
Lei Feng TV CMS aka LFCMS 3.8.6 allows full path disclosure via the /install.php?s=/1 URI...
CVE-2018-20603
Lei Feng TV CMS aka LFCMS 3.8.6 allows admin.php?s=/Member/add.html CSRF...
CVE-2018-20604
Lei Feng TV CMS aka LFCMS 3.8.6 allows Directory Traversal via crafted use of .. in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/web........1.txt.html URI to read the 1.txt file...
CVE-2018-20603
Lei Feng TV CMS aka LFCMS 3.8.6 allows admin.php?s=/Member/add.html CSRF...
CVE-2018-20603
The CVE-2018-20603 entry concerns Lei Feng TV CMS (aka LFCMS) version 3.8.6, which is vulnerable to CSRF on the admin page admin.php?s=/Member/add.html. The root cause, as stated across connected records, is a cross-site request forgery vulnerability in the LFCMS 3.8.6 administrative interface, e...
CVE-2018-20604
CVE-2018-20604 affects Lei Feng TV CMS (LFCMS) 3.8.6. A Directory Traversal is possible by crafting URIs using ..* in Template/edit/path, e.g., admin.php?s=/Template/edit/path/web .... ..*..*1.txt.html, enabling reading of arbitrary files (demonstrated with 1.txt). The connected records confirm t...