emlog 代码注入漏洞

emlog is emlog personal developer of a PHP and MySQL based CMS site building system. Code injection vulnerability exists in emlog 2.4.1 and previous versions, the vulnerability stems from the manipulation of the keyword parameter in the /admin/tag.php file leading to cross-site scripting attacks...

PT-2024-39839 · Unknown · Lylme Spage

Name of the Vulnerable Software and Affected Versions: LyLme spage version 1.9.5 Description: A critical issue has been found in the code of the file /admin/tag.php, where the manipulation of the id argument leads to SQL injection. This issue can be initiated remotely. Recommendations: For LyLme...