ZZCMS 跨站请求伪造漏洞

ZZCMS is a content management system CMS by China Zzcms team. ZZZCMS V1.7.1 suffers from a cross-site request forgery vulnerability, which stems from the lack of token validation for cross-site request forgery in the saveuser function in save.php...

PT-2021-16825 · Unknown · Avideo/Youphptube

Name of the Vulnerable Software and Affected Versions: AVideo/YouPHPTube versions 10.0 and prior Description: The issue allows an administrator-privileged user to write files on the filesystem using flag and code variables in the file save.php. This is due to insecure file write. Recommendations:...