6 matches found
CVE-2023-6412
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via photo.php in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all...
SQL injection vulnerability in the pho*** page of the website building system of Henan Yue Longmen Technology Co.
Henan Yue Longmen Technology Co., Ltd. is a website construction, software development and promotion and marketing of a comprehensive network technology company. Ltd. station building system pho page exists SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive...
waplog.com XSS vulnerability
Open Bug Bounty ID: OBB-603165 Description| Value ---|--- Affected Website:| waplog.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Piwigo cross-site scripting vulnerability (CNVD-2018-06553)
Piwigo is a web-based photo album software from the Piwigo team. The software supports photo publishing, management, multiple browsing options categories, tags, time, and more. A cross-site scripting vulnerability exists in the admin panel in Piwigo version 2.9.3. A remote attacker can exploit th...
SQL injection vulnerability in HIMS-type hotel management system Photo_zh-cn.php page of Beijing Century Compass E-commerce Co.
Beijing Century Compass E-commerce Co., Ltd HIMS-type hotel management system is a set of software to provide management services for hotels, supporting membership, food and beverage, website/mobile application, intelligent cloth, channel distribution, revenue management and so on. There is a SQL...
ThinkSAAS因过滤不严导致的存储型XSS(两处)
简要描述: 因某函数的过滤不严,导致存在存储型XSS 详细说明: 第一处XSS漏洞: 问题存在于 : http://localhost/thinksaas/index.php?app=group&ac=create&ts=do 我们看看代码 //执行创建小组 case "do": if$TSAPP'options''iscreate' == 0 || $TSUSER'user''isadmin'==1 ifintval$POST'grpagreement' != 1 tsNotice'不同意社区指导原则是不允许创建小组的!'; $groupname = t$POST'groupname'...