1445 matches found
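phpcms2008 sp4 /member/login.php cross-site scripting vulnerability
Phpcms is a leading website content management system in China and also an open-source PHP development framework. Phpcms consists of more than 20 functional modules, including content models, members, Q&A, special topics, finance, orders, advertising, e-mail subscription, short messages, custom forms and site-wide search, with five built-in content models: news, pictures, downloads, information and products. Phpcms uses modular development, supports custom content models and member models, and allows custom fields. member/login.php does not properly handle the forward parameter, resulting in a cross-site scripting vulnerability. phpcms2008 sp4 Vendor patch: PHPCMS. The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:...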
CVE-2009-4870
Multiple SQL injection vulnerabilities in login.php in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the (1) req_username (aka Username) and (2) req_password (aka Password) parameters. NOTE: some of these details are obtained from third party information...
CVE-2009-4857
Cross-site scripting (XSS) vulnerability in login.php in PHP Photo Vote 1.3F allows remote attackers to inject arbitrary web script or HTML via the page parameter...
CVE-2009-4870
CVE-2009-4870 affects PHPCityPortal's login.php; SQL injection via the req_username and req_password parameters allows remote execution of arbitrary SQL commands. Underlying issue is improper input handling in the login logic. CVSS indicates a HIGH impact with partial confidentiality, integrity, ...
Dark Portal Remote File Inclusion
Dark Portal login.php Remote File Inclusion Vulnerability. Author: CoBRa21 Mail: [email protected] Script Download:...
Dark Hart Portal - 'login.php' Remote File Inclusion
Dark Portal login.php Remote File Inclusion Vulnerability. Author: CoBRa21 Mail: [email protected] Script Download:...
Dark Hart Portal (login.php) Remote File Inclusion Vulnerability
Exploit for php platform in category web applications. Dark Hart Portal login.php Remote File Inclusion Vulnerability...
CVE-2010-1710
Directory traversal vulnerability in login.php in Siestta 2.0, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the idioma parameter...
Directory traversal
Directory traversal vulnerability in login.php in Siestta 2.0, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the idioma parameter...
Sql injection
Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction Script allow remote attackers to execute arbitrary SQL commands via (1) the login field (aka the username parameter), and possibly (2) the password field, to index.php. NOTE: some of these details are obtained from third party...
CVE-2010-1704
Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced Poll Script) allow remote attackers to execute arbitrary SQL commands via (1) the password field to login.php, (2) the login field (aka email parameter) to login.php, (3) the password field (aka pass parameter) to the default URI under...
CVE-2010-1710
Directory traversal vulnerability in login.php in Siestta 2.0, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the idioma parameter...
CVE-2010-1706
CVE-2010-1706 concerns multiple SQL injection vulnerabilities in login.php of the 2daybiz Auction Script, allowing remote attackers to execute arbitrary SQL commands via the login field (username) and possibly the password field, directed at index.php. The issue is documented across multiple sour...
CVE-2010-1710
CVE-2010-1710 affects Siestta 2.0 and earlier. A directory traversal vulnerability exists in login.php when register_globals is enabled, allowing remote attackers to include and execute arbitrary local files by manipulating the idioma parameter with a .. sequence. The NVD CVSS base score is 6.8 (...
Siestta 2.0 Cross Site Scripting / Local File Inclusion
SIESTTA 2.0 LFI/XSS Multiple Vulnerabilities download: http://ramoncastro.es/siesttaold/ Author: Jose Luis Gongora Fernandez 'aka' JosS mail: sys-projectathotmaildotcom site: http://www.hack0wn.com/ team: Spanish Hackers Team - SHT Hack0wn Security Project!! This was written for educational...
SIESTTA 2.0 - Local File Inclusion Cross-Site Scripting
SIESTTA 2.0 - Local File Inclusion Cross-Site Scripting SIESTTA 2.0 LFI/XSS Multiple Vulnerabilities download: http://ramoncastro.es/siesttaold/ Author: Jose Luis Gongora Fernandez 'aka' JosS mail: sys-projectathotmaildotcom site: http://www.hack0wn.com/ team: Spanish Hackers Team - SHT Hack0wn...
CVE-2010-1092
Multiple SQL injection vulnerabilities in login.php in ScriptsFeed Business Directory Software allow remote attackers to execute arbitrary SQL commands via the (1) us and (2) ps parameters...
Sql injection
Multiple SQL injection vulnerabilities in login.php in ScriptsFeed Business Directory Software allow remote attackers to execute arbitrary SQL commands via the (1) us and (2) ps parameters...
CVE-2010-1092
Multiple SQL injection vulnerabilities in login.php in ScriptsFeed Business Directory Software allow remote attackers to execute arbitrary SQL commands via the (1) us and (2) ps parameters...
CVE-2010-1092
CVE-2010-1092 affects ScriptsFeed Business Directory Software, specifically login.php. The vulnerability is SQL injection in the login routine via the us and ps parameters, allowing remote attackers to execute arbitrary SQL. Public references indicate there are exploits available (e.g., Exploit-D...