11 matches found
IdeaCMS Command Injection Vulnerability
IdeaCMS is an open source shopping mall system by IdeaCMS. A command injection vulnerability exists in IdeaCMS 1.8 and earlier versions. It stems from improper handling of the site name parameter in the file app/common/logic/admin/Config.php, which could lead to a command injection attack...
CVE-2019-19851
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta through 13.0.4.7, 14.x through 14.0.24, and 15.x through 15.0.2.20...
CVE-2018-15892
CVE-2018-15892 affects FreePBX 13 and 14, with SQL injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page. Root cause: unsafely constructed SQL in the DISA form handling. Impact: confidentiality, integrity, and availability potentially affected (...
CVE-2015-2690
Multiple cross-site scripting (XSS) vulnerabilities in views/add-license-form.php in the Digium Addons module (digiumaddoninstaller) before 2.11.0.7 for FreePBX allow remote attackers to inject arbitrary web script or HTML via the (1) addlicensekey, (2) addlicensefirstname, (3) addlicenselastname, (4)...
RedBLoG 0.5 admin/config.php root_path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/20115/info The redblog application is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...
CVE-2010-3490
CVE-2010-3490 affects FreePBX
Newbie CMS Insecure Cookie Handling
----------exploit Debut Insecure Cookie Handling Vulnerability ----------Script Info Moi : JIKO Site : No-exploit.Com Email : mm : Moghla9 Ferme Closed ----------Script Info Site : http://newbie-cms.com Download : http://newbie-cms.com/freedownload.php?file=newbiev003.zip ----------exploit Info...
Code injection
admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter...
CVE-2006-7025
SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL commands via the sqlcmd parameter...
CVE-2006-5021
Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the rootpath parameter in (2) admin/config.php, (3) common.php, and (4) admin/index.php. NOTE: the provenance of this...
PT-2006-5762 · Redgun · Redblog
Name of the Vulnerable Software and Affected Versions: redgun RedBLoG version 0.5 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in several parameters, including the root parameter in "imgen.php", and the root path parameter in "admin/config.php",...