4 matches found
Concrete CMS Cross-Site Request Forgery Vulnerability
Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS prior to 9.5.0 had a cross-site request forgery vulnerability. This vulnerability was exploited through the concrete/controllers/backend/file rescanMultiple function, making it susceptibl...
CVE-2026-27894
LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code. In combination with...
GLPI Insecure Direct Object Reference Vulnerability (CNVD-2020-67631)
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
Foxit Reader and PhantomPDF Data Forgery Issue Vulnerability (CNVD-2020-32458)
Foxit Reader and Foxit PhantomPDF are both PDF document readers from the Chinese company Foxit. A security vulnerability exists in Foxit Reader versions prior to 9.5 and PhantomPDF versions prior to 9.5. The vulnerability can be exploited to bypass signature verification with modified documents or...