13 matches found
EUVD-2019-18402
Malware in sbrugna...
EUVD-2019-18403
Malware in sbrugna...
MOPCMS Cross-Site Scripting Vulnerability
MOPCMS is a content management system CMS based on PHP and MySQL. A cross-site scripting vulnerability exists in MOPCMS 2018-11-30 and earlier versions, which can be exploited by remote attackers to inject arbitrary web script or HTML with the help of the 'formname' parameter...
Path traversal
A Path Traversal vulnerability was discovered in MOPCMS through 2018-11-30, leading to deletion of unexpected critical files. The exploitation point is in the "column management" function. The path added to the column is not verified. When a column is deleted by an attacker, the corresponding...
CVE-2019-9016
An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the formname parameter in a mod=column request, as demonstrated by the...
Cross site scripting
An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the formname parameter in a mod=column request, as demonstrated by the...
CVE-2019-9015
A Path Traversal vulnerability was discovered in MOPCMS through 2018-11-30, leading to deletion of unexpected critical files. The exploitation point is in the "column management" function. The path added to the column is not verified. When a column is deleted by an attacker, the corresponding...
CVE-2019-9016
An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the formname parameter in a mod=column request, as demonstrated by the...
CVE-2019-9015
A Path Traversal vulnerability was discovered in MOPCMS through 2018-11-30, leading to deletion of unexpected critical files. The exploitation point is in the "column management" function. The path added to the column is not verified. When a column is deleted by an attacker, the corresponding...
CVE-2019-9016
CVE-2019-9016 affects MOPCMS, a PHP/MySQL-based CMS. The connected CNVD entry confirms a cross-site scripting vulnerability exists in MOPCMS up to 2018-11-30, exploitable via the form[name] parameter in a mod=column request (example URI shown). The root cause is persistent XSS allowing remote att...
CVE-2019-9015
A Path Traversal vulnerability was discovered in MOPCMS through 2018-11-30, leading to deletion of unexpected critical files. The exploitation point is in the "column management" function. The path added to the column is not verified. When a column is deleted by an attacker, the corresponding...
CVE-2019-9015
CVE-2019-9015 affects MOPCMS up to 2018-11-30. A path traversal vulnerability in the “column management” function allows unverified paths to be added to a column, enabling an attacker to delete the corresponding directory when a column is removed, potentially deleting parts or the entire website....
CVE-2019-9016
An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the formname parameter in a mod=column request, as demonstrated by the...