72 matches found
CVE-2021-37392
In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. When the API functions are enabled, the attacker can use API to update user nickname with XSS payload and achieve stored XSS. Users who view the articles published by the injected user will...
RPCMS 跨站脚本漏洞
RPCMS is a software application, a web CMS system. RPCMS suffers from a cross-site scripting vulnerability that stems from a failure to properly clean up the nickname variable before it is displayed on a page in RPCMS v1.8 versions and below. With the API functionality turned on, an attacker can...
RPCMS 安全漏洞
RPCMS is a software application. A website CMS system. A security vulnerability exists in RPCMS, which originates in RPCMS v1.8 and below, that can be exploited by an attacker to interact with the API to change the variable "role" to "admin" for administrator user registration...
SQL Injection Vulnerability in RPCMS (CNVD-2021-51820)
RPCMS is a lightweight content management/blogging system based on PHP MYSQL. RPCMS suffers from a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive database information...
SQL Injection Vulnerability in RPCMS (CNVD-2021-51833)
RPCMS is a lightweight content management/blogging system based on PHP MYSQL. RPCMS suffers from a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive database information...
SQL Injection Vulnerability in RPCMS (CNVD-2021-51832)
RPCMS is a lightweight content management/blogging system based on PHP MYSQL. RPCMS suffers from a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive database information...
SQL Injection Vulnerability in RPCMS (CNVD-2021-51831)
RPCMS is a lightweight content management/blogging system based on PHP MYSQL. RPCMS suffers from a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive database information...
RPCMS suffers from a file upload vulnerability (CNVD-2021-45388)
RPCMS is a lightweight content management/blogging system based on PHP MYSQL. RPCMS suffers from a file upload vulnerability. An attacker can exploit this vulnerability to gain server privileges...
SQL Injection Vulnerability in RPCMS (CNVD-2021-45386)
RPCMS is a lightweight content management/blogging system based on PHP MYSQL. RPCMS suffers from a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive database information...
SQL Injection Vulnerability in RPCMS (CNVD-2021-40742)
RPCMS is a lightweight php content management system, which can be used as a blog system, corporate website system, etc. RPCMS suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
RPCMS has a file upload vulnerability
RPCMS is a lightweight php content management system, which can be used as a blog system, corporate website system, etc. RPCMS has a file upload vulnerability that can be exploited by attackers to gain server privileges...
SQL Injection Vulnerability in rpcms Backend
rpcms a lightweight php content management system , can be a blog system , enterprise website system , information system . It is small , lightweight , but feature-rich , scalable . rpcms background SQL injection vulnerability , attackers can use the vulnerability to obtain sensitive database...