Thunderwind Movie CMS v3.3.0 SQL Injection Vulnerability in NewsController.class.php Page

Thunderwind Movie CMS is a PHP based THINKPHP3.2.3 framework development, suitable for all kinds of video, film and television websites, film and television content management program. Thunderwind Movie CMS v3.3.0 SQL injection vulnerability exists in NewsController.class.php page. Attackers can...

DSMmall Multi-merchant open source mall system check_email method has SQL injection vulnerability

DSMmall multi-commercial open source mall source code is a thinkPHP as the framework for the development of multi-user mall system source code. DSMmall multi-commerce open source mall system checkemail method SQL injection vulnerability. The vulnerability is due to the system fails to effectively...

TPshop 前台无限制Getshell #2

0x01 说明 TPshop开源商城系统 Thinkphp shop的简称 ，是深圳搜豹网络有限公司开发的一套多商家模式的商城系统。适合企业及个人快速构建个性化网上商城。包含PC+IOS客户端+Adroid客户端+微商城，系统PC+后台是基于ThinkPHP5 MVC构架开发的跨平台开源软件，设计得非常灵活，具有模块化架构体系和丰富的功能，易于与第三方应用系统无缝集成，在设计上，包含相当全面，以模块化架构体系，让应用组合变得相当灵活，功能也相当丰富。 下载地址：http://www.tp-shop.cn/Index/Index/download.html 目录大概结构 ├─index.p...

TPshop 后台代码执行漏洞

0x01 说明 TPshop开源商城系统 Thinkphp shop的简称 ，是深圳搜豹网络有限公司开发的一套多商家模式的商城系统。适合企业及个人快速构建个性化网上商城。包含PC+IOS客户端+Adroid客户端+微商城，系统PC+后台是基于ThinkPHP5 MVC构架开发的跨平台开源软件，设计得非常灵活，具有模块化架构体系和丰富的功能，易于与第三方应用系统无缝集成，在设计上，包含相当全面，以模块化架构体系，让应用组合变得相当灵活，功能也相当丰富。 下载地址：http://www.tp-shop.cn/Index/Index/download.html 目录大概结构 ├─index.p...

LvyeCMS Code Execution Vulnerability

LvyeCMS is a content management system developed by China Lvye Network Technology using ThinkPHP framework and an independent grouping approach. A security vulnerability exists in LvyeCMS 3.1 and earlier versions. The vulnerability can be exploited by a remote attacker to upload and execute...

SQL injection vulnerability in CollectController.class.php page of Thunderwind Movie & TV cms system

Thunderwind Movie CMS is a PHP based THINKPHP3.2.3 framework development, suitable for all kinds of video, film and television websites, film and television content management program. Thunderwind Film and Television CMS system CollectController.class.php page SQL injection vulnerability, attacke...

LvyeCMS Public tologin function cross-site scripting vulnerability

LvyeCMS is a content management system developed using the ThinkPHP framework and an independent grouping approach. A cross-site scripting vulnerability exists in the Public tologin function of the admin.php file in LvyeCMS 3.1 and earlier versions. A remote attacker can exploit this vulnerabilit...

TPshop open source mall system 2.0 eval-stdin.php file there is a backdoor default vulnerability

TPshop open source mall system Thinkphp shop for short , is a set of Shenzhen Soleil Networks Ltd. developed a set of multi- merchant model of the mall system . TPshop open source mall system 2.0 eval-stdin.php file has a backdoor vulnerability . Attackers send POST requests containing malicious...

SQL Injection Vulnerability in YxtCMF Frontend IndexController.class.php Page

YxtCMF Yi Xue Tang Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. A SQL injection vulnerability exists in the IndexController.class.php page of the YxtCMF frontend. An attacker can exploit the vulnerability to obtain sensitive...

SQL Injection Vulnerability in Multiple Methods of WKshop General Mall System

WK+shop is a mall system based on the technology of PHP+MySQL, developed using ThinkPHP5.0 framework, which combines the Witcott mission system with multiple mall systems. WK+shop General Mall System has SQL injection vulnerability in several methods, an authenticated attacker can construct a...

File Upload Vulnerability in WK+shop General Mall System

WK+shop is a mall system based on the technology of PHP+MySQL, developed using ThinkPHP5.0 framework, which combines the Witcott mission system with multiple mall systems. A file upload vulnerability exists in the WK+shop universal mall system, which allows an attacker to upload arbitrary files a...

ThinkPHP 5.0.10 framework exp expressions suffer from SQL injection vulnerability

ThinkPHP is developed and maintained by the Shanghai Top Thinking company MVC structure of the open-source PHP framework. A SQL injection vulnerability exists in the ThinkPHP 5.0.10 framework exp expression. Due to the system fails to effectively filter the data submitted by the user. An attacker...

ThinkPHP 5.0.10 framework filterExp function has SQL injection vulnerability

ThinkPHP is developed and maintained by the Shanghai Top Thinking company MVC structure of the open-source PHP framework. A SQL injection vulnerability exists in the filterExp function of ThinkPHP 5.0.10 framework. A remote attacker can exploit the vulnerability to obtain sensitive database...

SSRF vulnerability in Bycms user-post method

Bycms Beyoncms is a content management system based on thinkphp 5.0.9. An SSRF vulnerability exists in the Bycms user-post method. An attacker can exploit the vulnerability to detect the database version number and open port service information...

SQL Injection Vulnerability in the Latest Version of YxtCMF

YxtCMF online learning system is an online learning platform system developed with thinkphp+bootstrap as the framework. The latest version of YxtCMF has a SQL injection vulnerability, which is exploited by attackers to obtain database sensitive information...

Stored cross-site scripting vulnerability in the study function on the YxtCMF CourseController.class.php page

YxtCMF Yi Xue Tang Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. A stored cross-site scripting vulnerability exists in the study function on the YxtCMF CourseController.class.php page. An attacker can insert malicious js code into...

Arbitrary file download vulnerability in the downmaterial function on the YxtCMF CourseController.class.ph page

YxtCMF Yi Xue Tang Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. An arbitrary file download vulnerability exists in the YxtCMF CourseController.class.ph page downmaterial function. Allows an attacker to exploit the vulnerability t...

YxtCMF v3.1.0 SQL Injection Vulnerability in 'ty_id' Parameter

YxtCMF Yi Xue Tang Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. YxtCMF v3.1.0 SQL injection vulnerability exists in the 'tyid' parameter. An attacker can exploit this vulnerability to obtain sensitive information from the databas...

ThinkPHP5. 0. 10-3. 2. 3 cache function design flaws can lead to Getshell

0x00 framework operating environment ThinkPHP is a free open source, fast, simple object-oriented lightweight PHP development framework, in order to agile WEB application development and simplify enterprise application development and birth. ThinkPHP from inception has been adhering to the simple...

ThinkPHP Cache Functions Have Design Flaw Vulnerability

ThinkPHP is developed and maintained by the Shanghai Top Thinking company MVC structure of the open-source PHP framework. There is a design flaw vulnerability in the ThinkPHP cache function. The vulnerability is due to ThinkPHP in the use of cache data serialization, stored in the php file caused...