2 matches found
PT-2024-23687 · Fudforum · Fudforum
Name of the Vulnerable Software and Affected Versions: FUDforum version 3.1.3 Description: A stored cross-site scripting XSS vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under the "/adm/admsql.php" API endpoin...
PT-2023-25028 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS versions through 5.7.109 Description: The issue allows remote attackers to run arbitrary code via a crafted POST request to the "/dede/tpl.php" API endpoint. This enables attackers to execute arbitrary code on the affected system...