25 matches found
SQL injection
A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been classified as critical. This affects an unknown part of the file /api/admin/system/store/order/list. The manipulation of the argument keywords leads to SQL injection. The exploit has been disclosed to the public and may be used...
API Admin Auth Weakness in tomato
Versions of tomato prior to 0.0.6 are affected by a somewhat complex authentication bypass vulnerability in the admin service when only a single access key is configured on the server. The vulnerability allows an attacker to guess the password for the admin service, no matter how complex that...
Cross-site request forgery (CSRF)
JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user...
CVE-2018-19544
JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news...
SQL Injection Vulnerability in MIPCMS ApiAdminTag.php Page
MIPCMS is a free and open-source content management system for articles and information, built on the Baidu Mobile Accelerator (MIP) engine. It is also aimed at webmasters, entrepreneurs and other groups as an SEO-optimized site-building system. A...