764 matches found
Dream CMS has multiple vulnerabilities
Dream CMS (lmxcms) is developed in PHP with a MySQL database and adopts the mainstream MVC design model. Dream CMS has multiple vulnerabilities that can be exploited by attackers to obtain sensitive database information...
SQL injection vulnerability exists in the open-source version of the UX365 web site navigation (CNVD-2021-24439)
Youkai 365 Web site navigation open source version is an open source Web site catalog management system built on PHP + MySQL. The Uke365 Web site navigation open source version has a SQL injection vulnerability. Attackers can exploit the vulnerability to...
Logic flaw vulnerability in oasys
oasys is an OA (office automation) system. The project uses Maven for project management, is developed on the Spring Boot framework, uses MySQL as the underlying database, the FreeMarker template engine on the front end, and Bootstrap as the front-end UI framework, and integrates JPA, MyBatis and other...
Sourcecodester Pisay Online E-Learning System SQL Injection Vulnerability (CNVD-2021-95936)
Sourcecodester Pisay Online E-Learning System is an online e-learning system based on PHP and MySQL. Sourcecodester Pisay Online E-Learning System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in a database-based...
Joomla! Template Manager Missing Input Validation Vulnerability
Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A vulnerability exists in Joomla! 3.2.0 - 3.9.24 where the template manager lacks...
Incorrect ACL Check Vulnerability in Joomla!
Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. An incorrect ACL checking vulnerability exists in Joomla! 3.0.0 - 3.9.24. An...
Joomla! path traversal vulnerability (CNVD-2021-16936)
Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A path traversal vulnerability exists in Joomla! 3.0.0 - 3.9.24. An attacker can...
Joomla! cross-site scripting vulnerability (CNVD-2021-15050)
Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site scripting vulnerability exists in Joomla! 2.5.0 - 3.9.24. The...
Mailtrain SQL Injection Vulnerability
Mailtrain is an open source hosted newsletter application built on Node.js and MySQL/MariaDB. A SQL injection vulnerability exists in Mailtrain 1.24.1 and earlier in lib/models/campaigns.js in statsClickedSubscribersByColumn. The vulnerability stems from not properly escaping variable column name...
A vulnerability in the InnoDB component of the MySQL Database Server management system allows a hacker to cause a service failure.
The vulnerability in the InnoDB component of the MySQL Database Server exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
A vulnerability in the InnoDB component of the MySQL Database Server allows an attacker to cause service failures or gain privileged access.
The vulnerability in the InnoDB component of the MySQL Database Management System is related to resource release errors. Exploiting this vulnerability can allow an attacker to cause service failures or gain privileged access through network packets...
RGCMS suffers from a file upload vulnerability (CNVD-2021-03290)
RGCMS (RuiGu content management system) is an open source building management system written in PHP on the ThinkPHP 5.1 framework, with MySQL as its database. RGCMS has a file upload vulnerability; an attacker can use this vulnerability to obtain control of the server...
Ransomware in 2020: A Banner Year for Extortion
Remote learning platforms shut down. Hospital chemotherapy appointments cancelled. Ransomware attacks in 2020 dominated as a top threat vector this past year. Couple that with the COVID-19 pandemic, putting strains on the healthcare sector, and we witnessed ransomware exact a particularly cruel...
Baby Care System 1.0 SQL Injection
Exploit Title: Baby Care System 1.0 - 'roleid' SQL Injection Exploit Author: Vijay Sachdeva Date: 2020-12-23 Vendor Homepage: https://www.sourcecodester.com/php/14622/baby-care-system-phpmysqli-full-source-code.html Software Link:...
CVE-2020-26277
DBdeployer is a tool that deploys MySQL database servers easily. In DBdeployer before version 1.58.2, users unpacking a tarball may use a maliciously packaged tarball that contains symlinks to files external to the target. In such a scenario, an attacker could induce dbdeployer to write into a syst...
Customer Support System 1.0 SQL Injection
Exploit Title: Customer Support System 1.0 - 'id' SQL Injection Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-11 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...
SQL Injection Vulnerability in the background of Wild Rain Novel CMS
Wild Rain Fiction CMS (hereinafter referred to as KYXSCMS) provides a lightweight fiction website solution based on ThinkPHP 5.1+MySQL. There is a SQL injection vulnerability in the background of KYXSCMS. Attackers can use the vulnerability to obtain sensitive information in the database...
WordPress 5.3.x < 5.3.5 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A deserialization vulnerability exists in RequestsUtilityFilteredIterator class. - A cross-site scripting (XSS) vulnerability exists via global variables and post slugs. - A...
WordPress 4.8.x < 4.8.15 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A deserialization vulnerability exists in RequestsUtilityFilteredIterator class. - A cross-site scripting (XSS) vulnerability exists via global variables and post slugs. - A...