Weeds weedcms 5.0 write horse vulnerability-vulnerability warning-the black bar safety net

The problem file in: includes/adminconfig.php the. This app login verification is a For each method to verify the login, instead of the entire file to verify. Or that sentence, see code. | if$do=='templateedit' $file=empty$GET'file'?": trim$GET'file'; ifgetext$file!=' html,'&&getext$file!=' css'...

CVE-2009-1460

CVE-2009-1460 affects razorCMS before 0.4. The issue is weak file system permissions: admin/core/admin_config.php exposes the administrator password hash and FTP credentials to local users; the root directory, datastore/, and admin/core/ also have insufficient permissions, allowing local users to...

CVE-2007-2899

The CVE-2007-2899 entry affects NavBoard 2.6.0, with the vulnerability in admin_config.php allowing direct static code injection to data/config.php via multiple parameters (demonstrated via threadperpage in editconfig). Root cause: insecure handling of input leading to PHP code injection. Impact,...

CVE-2007-2899

Direct static code injection vulnerability in adminconfig.php in NavBoard 2.6.0 allows remote attackers to inject arbitrary PHP code into data/config.php via multiple parameters, as demonstrated via the threadperpage parameter in an editconfig action...