10 matches found
dedecmscan
This is a Python-based vulnerability scanner for the DedeCMS platform. The scanner is designed to identify potential vulnerabilities in the platform, including SQL injection, cross-site scripting (XSS), and other types of attacks. The scanner consists of several modules, each responsible for...
phpbms 0.96 Multiple Vulnerabilities
No description provided by source. phpBMS v0.96 phpbms.org eLwauxc2009, uasc.org.ua http://phpbms.org/trial/ SQL Inj ...
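DedeCMS v5.6 /plus/advancedsearch.php SQL injection vulnerability
DedeCMS is a very popular website content management system in China. In version 5.6, in the file /plus/advancedsearch.php, as long as $mid on line 36 is not 0 and a custom model can then be retrieved on line 43, execution continues to the logic that follows. Because the variable $sql on line 54 is uninitialized, DedeCMS's variable-registration logic can be used to control the value of $sql, so $sql is carried into the database query. DedeCMS 5.6...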
SQL injection
Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to modules/bms/invoicesdiscountajax.php, (2) f parameter to dbgraphic.php, and (3) tid parameter in a show action to advancedsearch.php...
CVE-2009-3754
Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to modules/bms/invoicesdiscountajax.php, (2) f parameter to dbgraphic.php, and (3) tid parameter in a show action to advancedsearch.php...
phpbms 0.96 - Multiple Vulnerabilities
phpbms 0.96 - Multiple Vulnerabilities phpBMS v0.96 phpbms.org eLwauxc2009, uasc.org.ua http://phpbms.org/trial/ SQL Inj ...
phpbms 0.96 - Multiple Vulnerabilities
phpBMS v0.96 phpbms.org eLwauxc2009, uasc.org.ua http://phpbms.org/trial/ SQL Inj $querystatement="SELECT...
CVE-2005-4857
eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a...
CVE-2005-4857
eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a...
CVE-2005-4857
eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a...