Logic Design Vulnerability in ECS Online Learning System v3.1.0

E-learning Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. E-learning system v3.1.0 has a logical design vulnerability that can be exploited by attackers to reset any user's password and obtain sensitive user information...

Logic flaw vulnerability in the latest version of wstmall

WSTMall is a thinkphp framework based on the development of multi-commercial O2O open source system. The latest version of wstmall has a logic flaw vulnerability. Attackers can use the vulnerability to reset the password...

Cross-site scripting vulnerability in lvyeCms

LvyeCMS is developed based on ThinkPHP framework, which is a content management system developed using independent grouping. A cross-site scripting vulnerability exists in lvyeCms due to the system failing to filter user-supplied data. An attacker can exploit this vulnerability to execute malicio...

SQL injection vulnerability in the latest version of wstmall (CNVD-2017-19365)

WSTMall is a multi-commercial O2O open source system developed by Merchant Software based on thinkphp, is a system that can help businesses and individuals to quickly build a community service system. The latest version of wstmall V1.9.4170630 has a SQL injection vulnerability, which can be...

SQL injection vulnerability in the latest version of wstmall (CNVD-2017-19366)

WSTMall is a multi-commercial O2O open source system developed by Merchant Software based on thinkphp, is a system that can help companies and individuals to quickly build a community service system. The latest version of wstmall V1.9.4170630 has a SQL injection vulnerability, which can be...

ThinkPHP5 PDO Authenticity Preprocessing suffers from SQL Injection Vulnerability

ThinkPHP V5.0 is a high-performance framework designed for API development. A SQL injection vulnerability exists in ThinkPHP5 PDO authenticity preprocessing. The vulnerability is caused by controlling the value position of the in statement, i.e. by passing in an array, leading to a SQL injection...

Two Pseudo-injection Vulnerabilities in WSTMart Frontend

WSTMart multi-user mall is a thinkphp5.0 for the core development of php multi-user B2B2C mall system. There are two pseudo-injection vulnerabilities in WSTMart frontend. An attacker can use this vulnerability to obtain database account password information...

WSTMart 'addressId' parameter has a design flaw vulnerability in Guangzhou Shangtao Information Technology Co.

WSTMart e-commerce system is based on THINKPHP 5.0 development of B2B2C integrated e-commerce system. There is a design flaw vulnerability in the WSTMart 'addressId' parameter of Guangzhou Shangtao Information Technology Co. Allow attackers to obtain database account password information...

WSTMALL Mall System v1.9.2 SQL Injection Vulnerability in pkey Parameter

WSTMall is a multi-commercial O2O open source system developed by Merchant Software based on thinkphp , is a system that can help businesses and individuals to quickly build a community service system . WSTMALL mall system V1.9.2 version of the pkey parameter there is a SQL injection vulnerabilit...

Multiple SQL Injection Vulnerabilities in tpshop 2.0

TPshop open source mall system Thinkphp shop for short , is a set of Shenzhen Soleil Networks Ltd. developed a set of multi- merchant model of the mall system . tpshop2.0 there are multiple SQL injection vulnerabilities , the vulnerability stems from tpshop2.0 thinkphp5.0 framework development , ...

File Write Vulnerability in tpshop2.0 Backend

TPshop open source mall system Thinkphp shop for short , is a set of Shenzhen Soleil Networks Ltd. developed a set of multi- merchant model of the mall system . tpshop2.0 background file write vulnerability allows attackers to exploit the vulnerability to write arbitrary files...

TPshop 2.0 Backend SQL Injection Vulnerability in Multiple Different Page Parameters

TPshop open source mall system Thinkphp shop for short , is a set of Shenzhen Soleil Networks Ltd. developed a set of multi- merchant model of the mall system . TPshop 2.0 background parameters of a number of different pages mobile, id and orderby the existence of SQL injection leaks , allowing...

Backdoor vulnerability in lvyecms backend

LvyeCMS is a content management system developed based on ThinkPHP framework, using an independent grouping approach. Backdoor vulnerability exists in lvyecms background add module page at the function . Allow attackers to exploit the vulnerability can be obtained server privileges...

74cms at the front Desk The type parameter template engine injection vulnerability

This is a service end template injection vulnerabilities. Application/Home/Controller/MController.class.php apply'Mobile' redirectbuildmobileurl; $type = I'get. type','android','trim'; $androiddownloadurl = C'qscmsandroiddownload'? C'qscmsandroiddownload':"; $iosdownloadurl = C'qscmsiosdownload'?...

Remote Code Execution Vulnerability in ThinkPHP 5

ThinkPHP is an open source PHP framework. A remote code execution vulnerability exists in ThinkPHP 5. ThinkPHP 5 is vulnerable to a remote code execution vulnerability due to unfiltering and improper use of sensitive functions when rendering template content. An attacker can exploit the...

SQL Injection, Remote Command Execution Vulnerabilities Exist in Kinglion Technologies Call System

Jinlun Technology Call System is a set of intelligent telemarketing management system specially designed by Shenzhen Jinlun Communication Co. Jinlun call system exists SQL injection, remote command execution vulnerability, due to SOAP interface external entity injection and the use of Think php...

53KF /new/client.php sql注入漏洞

利用过程： 53KF 采用ThinkPHP框架， 注入地址：http://xxx.com/new/client.php?m=Statistic&a=setLost&field=chatrobotlost&type=plus&companyid0=1，companyid0存在时间盲注 payload: /new/client.php?m=Statistic&a=setLost&field=chatrobotlost&type=plus&companyid0=-1%20or%201!=sleep5limit%201%23between...

yershop多用户商城系统 Driver.class.php等多处SQL注入漏洞

0x01漏洞简介 yershop是采用thinkphp框架开发的一套商城系统。其在以下3处存在SQL注入漏洞： 1Driver.class.php 可以通过以下的payload进行注入： index.php?c=Article&a=index&category0==1 or updatexml1,concat1,select concatuser,1,version,1%23in&category1=xxxx 2TuanController.class.php 可以通过以下的payload进行注入： /index.php?c=Tuan&a=category&id0==1 or...

ThinkPHP 模板常量__SELF__ XSS漏洞

No description provided by source...

ThinkPHP v3.1-3.2 Driver.class.php SQL注入漏洞

No description provided by source...