EUVD-2018-3741

Malware in sbrugna...

CVE-2018-11722

CVE-2018-11722 affects WUZHI CMS 4.1.0 with a SQL Injection in api/uc.php driven by the 'code' parameter due to a hard-coded UC_KEY. The vulnerability is described across multiple datasources as enabling arbitrary SQL commands; CVSS metrics indicate network-level access, low attack complexity, an...

CVE-2018-11722

WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UCKEY' is hard coded...

FineCMS高级版前台getshell(demo成功)

简要描述： demo也shell了哦 详细说明： 看到\member\api\uc.php define'DISCUZROOT', dirnamedirnamedirnameFILE.'/member/ucenter/'; include DISCUZROOT.'api/uc.php'; 就是包含了uc的那个插件。但是这个功能只有高级版才有，免费版没有 然后uckey都是默认的 8808cer8o1UJsEpt2G2Jn0uhEn/YgEva589Mfo0 然后就可以直接getshell了 附上脚本 ! /usr/bin/env python coding=utf-8 import...

DISCUZX1. 5 local file inclusion vulnerability-vulnerability warning-the black bar safety net

DISCUZX1. 5 local file inclusion, of course, is conditional, is to use a file as a cache. configglobal.php $config'cache''type' = 'file'; function cachedata$cachenames ...... $isfilecache = getglobal'config/cache/type' == 'file'; ...... if$isfilecache $lostcaches = array; foreach$cachenames as...