59 matches found
LightCMS Remote Code Execution (CVE-2021-27112)
A remote code execution vulnerability exists in LightCMS. Successful exploitation of this vulnerability could allow remote attackers to execute arbitrary code on the affected system...
Arbitrary File Read Vulnerability in LightCMS
LightCMS is a lightweight content management system (CMS) that can also be used as a general-purpose back-office management framework. An arbitrary file read vulnerability exists in LightCMS, which can be exploited by an attacker to read arbitrary files...
LightCMS Remote Code Execution Vulnerability
LightCMS is a lightweight content management system (CMS) that can also be used as a general-purpose back-office management framework. A remote code execution vulnerability exists in /app/Http/Controllers/Admin/NEditorController.php in LightCMS v1.3.5 during external image download. An attacker can...
CVE-2021-27112
LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images...
CVE-2021-27112
LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images...
Remote code execution
LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images...
CVE-2021-27112
LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images...
CVE-2021-27112
LightCMS v1.3.5 is affected by a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during external image download. The issue enables arbitrary code execution on successful exploitation, with no exploitation details provided in the sources. Affected product: ...
Jianhua Sun LightCMS Security Vulnerability
LightCMS is a lightweight content management system (CMS) that can also be used as a general-purpose back-office management framework. A remote code execution vulnerability exists in /app/Http/Controllers/Admin/NEditorController.php in LightCMS v1.3.5 during external image download. An attacker can...
LightCMS 1.3.4 Cross Site Scripting
Exploit Title: LightCMS 1.3.4 - 'exclusive' Stored XSS Date: 25/02/2021 Exploit Author: Peithon Vendor Homepage: https://github.com/eddy8/LightCMS Software Link: https://github.com/eddy8/LightCMS/releases/tag/v1.3.4 Version: 1.3.4 Tested on: latest version of Chrome, Firefox on Windows and Linux...
LightCMS 1.3.4 - (exclusive) Stored XSS Vulnerability
Exploit Title: LightCMS 1.3.4 - 'exclusive' Stored XSS Exploit Author: Peithon Vendor Homepage: https://github.com/eddy8/LightCMS Software Link: https://github.com/eddy8/LightCMS/releases/tag/v1.3.4 Version: 1.3.4 Tested on: latest version of Chrome, Firefox on Windows and Linux CVE: CVE-2021-335...
LightCMS Cross-Site Scripting Vulnerability
LightCMS is a lightweight content management system (CMS) that can also be used as a general-purpose back-office management framework. A cross-site scripting vulnerability exists in LightCMS v1.3.4 that allows an attacker to execute HTML or JavaScript code to manage sensitive words in a vulnerable...
LightCMS 1.3.4 - 'exclusive' Stored XSS
Exploit Title: LightCMS 1.3.4 - 'exclusive' Stored XSS Date: 25/02/2021 Exploit Author: Peithon Vendor Homepage: https://github.com/eddy8/LightCMS Software Link: https://github.com/eddy8/LightCMS/releases/tag/v1.3.4 Version: 1.3.4 Tested on: latest version of Chrome, Firefox on Windows and Linux...
CVE-2021-3355
A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords...
CVE-2021-3355
A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords...
Cross site scripting
A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords...
CVE-2021-3355
A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords...
CVE-2021-3355
LightCMS v1.3.4 contains a stored-self XSS in the Title field used for Sensitive Words (to /admin/SensitiveWords). Exploitation involves injecting HTML/JavaScript into the vulnerable title, with PoC payloads available (e.g., from Exploit-DB). The issue is confirmed across multiple sources (NVD, C...
LightCMS v Cross-Site Scripting Vulnerability
LightCMS is a lightweight content management system (CMS) that can also be used as a general-purpose back-office management framework. A cross-site scripting vulnerability exists in LightCMS v1.3.4 that allows an attacker to execute HTML or JavaScript code to manage sensitive words in a vulnerable...