11 matches found
CVE-2018-19897
ThinkCMF X2.2.2 has SQL Injection via the function listorders in AdminbaseController.class.php and is exploitable with the manager privilege via the listorderskey1 parameter in a Link listorders action...
EUVD-2018-11571
Malware in sbrugna...
EUVD-2021-30589
Malicious code in bioql PyPI...
CVE-2021-43682
thinkphp-bjyblog last update Jun 4 2021 is affected by a Cross Site Scripting XSS vulnerability in AdminBaseController.class.php. The exit function terminates the script and prints a message to the user that contains $SERVER'HTTPHOST'...
Cross site scripting
thinkphp-bjyblog last update Jun 4 2021 is affected by a Cross Site Scripting XSS vulnerability in AdminBaseController.class.php. The exit function terminates the script and prints a message to the user that contains $SERVER'HTTPHOST'...
CVE-2021-43682
thinkphp-bjyblog last update Jun 4 2021 is affected by a Cross Site Scripting XSS vulnerability in AdminBaseController.class.php. The exit function terminates the script and prints a message to the user that contains $SERVER'HTTPHOST'...
CVE-2021-43682
CVE-2021-43682 affects thinkphp-bjyblog and is caused by an XSS issue in AdminBaseController.class.php due to insufficient input filtering. The exit function can print a message containing $_SERVER['HTTP_HOST'], potentially exposing server information or enabling crafted payloads to reflect data....
Thinkphp-Bjyblog 跨站脚本漏洞
Thinkphp-Bjyblog is an open source blog based on ThinkPhp developed by Baijunyao, an individual developer in China. A cross-site scripting vulnerability exists in Thinkphp-Bjyblog because the exit function in the product AdminBaseController.class.php file does not effectively filter input data. T...
Sql injection
ThinkCMF X2.2.2 has SQL Injection via the function listorders in AdminbaseController.class.php and is exploitable with the manager privilege via the listorderskey1 parameter in a Link listorders action...
CVE-2018-19897
ThinkCMF X2.2.2 has SQL Injection via the function listorders in AdminbaseController.class.php and is exploitable with the manager privilege via the listorderskey1 parameter in a Link listorders action...
CVE-2018-19897
CVE-2018-19897 refers to ThinkCMF X2.2.2, where there is a SQL injection in the function _listorders() within AdminbaseController.class.php. The vulnerability is exploitable by users with manager privileges via the listorders[key][1] parameter in a Link listorders action. Multiple connected sourc...