
65 matches found

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2025-31432

Malicious code in bioql PyPI...

CVSS: 4.8 | AI score: 4 | EPSS: 0.00266
Exploits: 1 | References: 5
CVE
added 2025/09/27 4:02 p.m. | 12 views

CVE-2025-11068

The CVE-2025-11068 entry affects westboy CicadasCMS 1.0, with the vulnerability located in the unknown functionality of /system/cms/category/save. The manipulation of the categoryName parameter results in cross-site scripting (XSS) that can be exploited remotely. Public exploit material exists, i...

CVSS: 4.8 | AI score: 5.5 | EPSS: 0.00266
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2025/09/24 12:00 a.m. | 2 views

CVE-2025-56815

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo to save the uploaded file to a path controllable by the user, and lacks strict verification of the file name...

AI score: 6.5 | EPSS: 0.00569
Exploits: 2 | References: 2
OSV
added 2025/08/10 12:15 p.m. | 4 views

CVE-2025-8807

A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been declared as critical. This vulnerability affects unknown code of the file /tianti-module-admin/user/ajax/save. The manipulation leads to missing authorization. The attack can be initiated remotely. The exploit has been disclosed...

CVSS: 8.8 | AI score: 6.9
Exploits: 0 | References: 5
CNNVD
added 2025/04/27 12:00 a.m. | 4 views

JSite Code Injection Vulnerability

JSite is an open-source rapid development framework for backend management systems. JSite 1.0 and earlier versions contain a code injection vulnerability. The vulnerability stems from improper handling of the Remarks parameter in the file /sys/office/save, which leads to cross-site scripting...

CVSS: 5.4 | AI score: 4.7 | EPSS: 0.00282
Exploits: 1 | References: 5
OSV
added 2025/03/22 7:15 p.m. | 1 view

CVE-2025-2624

A vulnerability was found in westboy CicadasCMS 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /system/cms/content/save. The manipulation of the argument content/fujian/laiyuan leads to SQL injection. The attack may be launched remotely. The...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00303
Exploits: 1 | References: 4
OSV
added 2024/12/12 2:15 a.m. | 1 view

CVE-2024-12490

A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /pages/teachersave.php. The manipulation of the argument salut leads to SQL injection. The attack can be initiated remotely...

CVSS: 9.8 | AI score: 5.8
Exploits: 0 | References: 5
CNNVD
added 2024/01/18 12:00 a.m. | 3 views

FlyCms Security Vulnerability

sunkaifei FlyCms is an open-source application by sunkaifei: a fully open-source, Java-based builder for Q&A-style social networking sites similar to Zhihu. FlyCms has a security vulnerability; at the /system/score/scorerulesave location there is a cross-site request...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00235
Exploits: 0 | References: 2
CNNVD
added 2024/01/18 12:00 a.m. | 3 views

FlyCms Security Vulnerability

sunkaifei FlyCms is an open-source application by sunkaifei: a fully open-source, Java-based builder for Q&A-style social networking sites similar to Zhihu. FlyCms has a security vulnerability; at the /system/user/groupsave location there is a cross-site request forgery...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00317
Exploits: 1 | References: 2
ATTACKERKB
added 2023/11/15 3:15 p.m. | 1 view

CVE-2023-48089

xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via /xxl-job-admin/jobcode/save...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.01262
Exploits: 1 | References: 2
CNNVD
added 2023/05/08 12:00 a.m. | 5 views

sunkaifei FlyCms Cross-Site Request Forgery Vulnerability

sunkaifei FlyCms is an open-source application by sunkaifei: a fully open-source, Java-based builder for Q&A-style social networking sites similar to Zhihu. sunkaifei FlyCms version 1.0 has a security vulnerability, which stems from the existence of a cross-site request...

CVSS: 8.8 | AI score: 7.8 | EPSS: 0.00337
Exploits: 1 | References: 3
SUSE CVE
added 2023/02/15 6:17 a.m. | 2 views

SUSE CVE-2005-3319

The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost...

CVSS: 2.1 | AI score: 6.9 | EPSS: 0.00587
Exploits: 0 | References: 7
SUSE CVE
added 2023/02/15 6:13 a.m. | 2 views

SUSE CVE-2006-6383

PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path...

CVSS: 4.6 | AI score: 6.7 | EPSS: 0.01046
Exploits: 1 | References: 7
SUSE CVE
added 2023/02/15 6:12 a.m. | 2 views

SUSE CVE-2007-1835

PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions...

CVSS: 4.6 | AI score: 6.7 | EPSS: 0.0069
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 6:11 a.m. | 4 views

SUSE CVE-2007-3378

The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b)...

CVSS: 6.8 | AI score: 7.7 | EPSS: 0.05331
Exploits: 2 | References: 4
SUSE CVE
added 2023/02/15 6:00 a.m. | 2 views

SUSE CVE-2010-1130

session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ;...

CVSS: 5 | AI score: 7.1 | EPSS: 0.09296
Exploits: 1 | References: 4
OSV
added 2022/10/07 7:15 p.m. | 2 views

CVE-2022-41379

An arbitrary file upload vulnerability in the component /leavesystem/classes/Users.php?f=save of Online Leave Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...

CVSS: 7.2 | AI score: 6 | EPSS: 0.0095
Exploits: 1 | References: 1
OSV
added 2022/06/02 2:15 p.m. | 1 view

CVE-2022-29647

An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.00642
Exploits: 1 | References: 1
ATTACKERKB
added 2022/05/26 2:15 p.m. | 3 views

CVE-2022-29661

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save...

CVSS: 7.2 | AI score: 6 | EPSS: 0.00896
Exploits: 1 | References: 2
CNNVD
added 2022/05/26 12:00 a.m. | 3 views

CSCMS Music Portal System SQL Injection Vulnerability

CSCMS Music Portal System is a diversified content management system of China Chong Sheng Network Technology CSCMS Company. CSCMS Music Portal System suffers from a SQL injection vulnerability that originates from the lack of validation of the id parameter of /admin.php/pic/admin/type/plsave for...

CVSS: 8.8 | AI score: 6.1 | EPSS: 0.00908
Exploits: 1 | References: 2