65 matches found
CVE-2018-16371
PESCMS Team 2.2.1 has multiple reflected XSS via the keyword parameter: g=Team&m=User&a=index&keyword=, g=Team&m=Usergroup&a=index&keyword=, g=Team&m=Department&a=index&keyword=, and g=Team&m=Bulletin&a=index&keyword=...
CVE-2018-16370
The vulnerability CVE-2018-16370 affects PESCMS Team 2.2.1. An attacker can upload and execute arbitrary PHP code by placing a .php file inside a ZIP archive and submitting via /Public/?g=Team&m=Setting&a=upgrade, enabling remote code execution with network access. Exploit details, affected versi...
Code Execution Vulnerability in PESCMSDOC Document Management System
PESCMS DOC is a document system based on PESCMS 2.5. PESCMSDOC document management system code execution vulnerability, an attacker can use the vulnerability to execute remote code...
File Upload Vulnerability in PESCMS TEAM v2.1.0
PESCMS TEAM is a task management system open-sourced under the GPLv2 license. A file upload vulnerability exists in PESCMS TEAM v2.1.0 due to the system failing to perform a security check on uploaded zip archive files. An attacker can exploit this vulnerability to upload a Trojan horse file to...
Cross-Site Scripting Vulnerability in the PESCMS TEAM Task Management System
PESCMS TEAM is a task management system open-sourced under the GPLv2 license. A cross-site scripting vulnerability exists in PESCMS TEAM Task Management System v2.1.0, which allows an attacker to construct a malicious payload to be sent to a user to obtain sensitive information such as...