7 matches found
CVE-2025-51965
CVE-2025-51965 affects OURPHP up to version 8.6.1, where the vulnerability is a Cross‑Site Scripting (XSS) flaw in the Name field of the Complete Profile function in My User Center, accessible after front‑end registration. The underlying issue and exploitation details are not further elaborated i...
Cross site scripting
OURPHP = 7.2.0 is vulnerale to Cross Site Scripting XSS via /client/manage/ourphpout.php...
File deletion vulnerability in ourphp v1.9.1 backend
OURPHP is Harbin Weicheng Technology Co., Ltd. developed a PHP + MySQL based on the development of W3C standards-compliant building system. ourphp v1.9.1 arbitrary file deletion vulnerability exists in the background. Attackers can use this vulnerability to delete website files, the integrity of...
Arbitrary File Read Vulnerability in OurPHP v1.8.0
OURPHP 傲派建站系统 is a website content management system developed using PHP language, the developer is Harbin Weicheng Technology Co. OurPHP v1.8.0 suffers from an arbitrary file reading vulnerability. An attacker can exploit the vulnerability to read sensitive files...
File upload vulnerability in ourphp v1.8.0
Ourphp website building system is a php+mysql website building system. ourphp v1.8.0 version of the existence of file upload vulnerability, attackers can be edited through the background online template comes with the upload point to upload any suffix file and write a script Trojan, so as to obta...
SQL Injection Vulnerability in ourphp v1.7.3 ourphp_play.class.php Page
OurPHP 傲派建站系统 is a website content management system developed using PHP language, the developer is Harbin Weicheng Technology Co. A SQL injection vulnerability exists in the ourphp v1.7.3 ourphpplay.class.php page. An attacker can exploit this vulnerability to obtain sensitive database informati...
Stored XSS Vulnerability in OurPHP
OurPHP is a web content management system developed using the PHP language. A stored XSS vulnerability exists in OurPHP version V1.7.1, which can be exploited to insert cross-site code in the member center and obtain sensitive information from the administrator cookie...