20 matches found
SQL Injection Vulnerability in PbootCMS
PbootCMS is a free, permanently open source PHP enterprise website development and construction management system built on a new core. PbootCMS has a SQL injection vulnerability that attackers can exploit to obtain sensitive database information...
CVE-2025-32027
Yii is an open source PHP web framework. Prior to 1.1.31, yiisoft/yii is vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Upgrade yiisoft/yii to version 1.1.31 or higher...
CVE-2024-47528 LibreNMS Contains a Stored XSS via File Upload
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with the "admin" role can set the background for a custom map; this allows the upload of an SVG file that can contain an XSS payload...
maccms10 Cross-Site Scripting Vulnerability
maccms10 is an open source rapid site-building system from magicblack for PHP+MySQL environments. A cross-site scripting (XSS) vulnerability exists in maccms10 version v2022.1000.3032, which...
AyaCMS Injection Vulnerability
AyaCMS is an extremely simple, free and open source PHP website builder. A security vulnerability exists in AyaCMS version 3.1.2, which stems from vulnerability to Remote Code Execution (RCE) attacks...
Catfish Blog V3.9.0 File Upload Vulnerability in Backend
Catfish Blog is an open source free PHP blog. A file upload vulnerability exists in the backend of Catfish Blog V3.9.0, which can be exploited by an attacker to gain control of the server...
Command Execution Vulnerability in ThinkPHP
ThinkPHP is an open-source PHP framework with an MVC structure, developed and maintained by the Shanghai Top Thinking company. ThinkPHP has a command execution vulnerability that can be exploited by attackers to gain server control privileges...
File Upload Vulnerability in the Article Management System of FastPlace CMS
Fast Row CMS is a free and open source PHP management system for enterprise website production, construction, development and SEO optimization. The FMS article management system has a file upload vulnerability that an attacker can exploit to obtain control of the web server...
Logic Flaw Vulnerability in Fast Platoon CMS
Fast Row CMS is a free and open source PHP management system for enterprise website production, construction, development and SEO optimization. Fast Platoon CMS has a logic flaw vulnerability that can be exploited by attackers to obtain sensitive information...
TimeTracker Security Feature Issue Vulnerability
Anuko TimeTracker is an open source, web-based time tracking application from Anuko, written in PHP. A security vulnerability exists in TimeTracker before version 1.19.24.5415, which stems from the fact that the token used in the password reset feature is based on...
MKCMS official version suffers from SQL injection vulnerability (CNVD-2021-16411)
MKCMS is a free and open source PHP web content management system developed by Yakun Technology. The official version of MKCMS has a SQL injection vulnerability that attackers can use to obtain sensitive information in the database...
CatfishCMS has a file upload vulnerability
Catfish CMS is a free and open source PHP content management system. A file upload vulnerability exists in CatfishCMS, which can be exploited by an attacker to gain control of the server...
PbootCMS V1.1.6-20180721 Code Execution Vulnerability in the Frontend
PbootCMS is an open source PHP enterprise web development and construction management system. A code execution vulnerability exists in the frontend of PbootCMS version V1.1.6-20180721, which can be exploited by an attacker to execute remote code...
Magento cross-site scripting vulnerability (CNVD-2018-04517)
Magento is an open source PHP e-commerce system from Magento, which provides permission management, a search engine and a payment gateway. Magento has a cross-site scripting vulnerability that can be exploited by attackers to inject malicious JavaScript code...
Code execution vulnerability in Typecho frontend
Typecho is an open source blogging platform written in PHP. A code execution vulnerability exists in the Typecho frontend, which can be exploited by an attacker to gain server administrative privileges...
IonizeCMS Cross-Site Request Forgery Vulnerability
IonizeCMS is an open source PHP content manager. IonizeCMS 1.0.8 suffers from a cross-site request forgery vulnerability, which allows an attacker to construct specific URLs to lure a system administrator into accessing them in order to create a new account with administrator privileges...
Securimage 'example_form.ajax.php' cross-site scripting vulnerability
Securimage is a free and open source PHP CAPTCHA script for generating complex CAPTCHA images and CAPTCHA codes. A cross-site scripting vulnerability exists in Securimage. An attacker can exploit this vulnerability to execute arbitrary script code, steal cookie-based authentication and launch other...
sparkleBlog.txt
Various Vulnerabilities in SparkleBlog. SparkleBlog is an open-source PHP script which allows you to input and edit your weblog entries, without having to go through the hassle of coding in HTML and uploading via FTP every time you want to make an update. A weblog (aka blog) is simply an online...
Various Vulnerabilities in SparkleBlog
SparkleBlog is an open-source PHP script which allows you to input and edit your weblog entries, without having to go through the hassle of coding in HTML and uploading via FTP every time you want to make an update. A weblog (aka blog) is simply an online...
Ultimate PHP Board Board 1.0 final Beta - viewtopic.php Cross-Site Scripting
Source: https://www.securityfocus.com/bid/6335/info. Ultimate PHP Board (UPB) is a freely available, open source PHP Bulletin Board. It is available for the Unix and Linux operating systems. By passing a malicious script co...