19 matches found
Masa CMS 跨站请求伪造漏洞
Masa CMS is a digital experience platform operated by Masa CMS organization. Versions of Masa CMS 7.5.2 and earlier contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the cTrash.restore function not properly verifying the anti-CSRF token, allowing attackers to...
PT-2026-38228
Name of the Vulnerable Software and Affected Versions Masa CMS versions prior to 7.2.10 Masa CMS versions prior to 7.3.15 Masa CMS versions prior to 7.4.10 Masa CMS versions prior to 7.5.3 Description The cTrash.restore function fails to properly validate anti-CSRF Cross-Site Request Forgery toke...
EUVD-2006-5942
Malware in sbrugna...
CVE-2024-48238
WTCMS 1.0 is vulnerable to SQL Injection in the editpost method of /Admin\Controller\NavControl.class.php via the parentid parameter...
CVE-2024-48238
WTCMS 1.0 is vulnerable to SQL Injection in the editpost method of /Admin\Controller\NavControl.class.php via the parentid parameter...
CVE-2024-48238
WTCMS 1.0 is vulnerable to SQL Injection in the editpost method of /Admin\Controller\NavControl.class.php via the parentid parameter...
wtcms 安全漏洞
wtcms is a ThinkPHP-based content management system CMS by Taosir Personal Developer. A security vulnerability exists in version 1.0 of wtcms, which stems from vulnerability to SQL injection attacks via the parentid parameter in file /AdminControllerNavControl.class.php...
CVE-2024-48238
WTCMS 1.0 is vulnerable to SQL Injection in the editpost method of /Admin\Controller\NavControl.class.php via the parentid parameter...
CVE-2024-48238
CVE-2024-48238 affects WTCMS 1.0. The vulnerability is a SQL injection in the edit_post functionality implemented in /Admin/Controller/NavControl.class.php via the parentid parameter. The Red Hat, NVD, CVE listings corroborate the same description. Affected component: WTCMS 1.0; vulnerability typ...
PT-2024-33049 · Wtcms · Wtcms
Name of the Vulnerable Software and Affected Versions: WTCMS version 1.0 Description: The issue concerns SQL Injection in the edit post method of the /Admin/Controller/NavControl.class.php file via the parentid parameter. This allows for potential exploitation. Recommendations: For WTCMS version...
Hongjing e-HR SQL Injection Vulnerability
Hongjing e-HR is a human resource management system from Hongjing, China. A SQL injection vulnerability exists in Hongjing e-HR version 2020, which is caused by a SQL injection vulnerability in the parameter parentid...
GHSA-HC72-VJ3G-5G2G Cross-site Scripting in ZKEACMS
A cross-site scripting XSS vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter...
CVE-2022-29362
A cross-site scripting XSS vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter...
CVE-2022-29362
A cross-site scripting XSS vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter...
PT-2022-19564 · Zkeacms · Zkeacms
Name of the Vulnerable Software and Affected Versions: ZKEACMS version 3.5.2 Description: A cross-site scripting XSS issue exists in the /navigation/create?ParentID=%23 endpoint of ZKEACMS, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentI...
Sql injection
ThinkCMF X2.2.2 has SQL Injection via the function editpost in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action...
CVE-2018-19895
ThinkCMF X2.2.2 has SQL Injection via the function editpost in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action...
CVE-2018-19895
ThinkCMF X2.2.2 has SQL Injection via the function editpost in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action...
CVE-2006-5959
SQL injection vulnerability in browse.asp in A+ Store E-Commerce allows remote attackers to execute arbitrary SQL commands via the ParentID parameter...