11 matches found
Unauthorized Access Vulnerability in Apple's CMS
Apple CMS is a complete and powerful rapid site building system running on PHP+MYSQL environment. Apple CMS has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information...
Apple CMS suffers from a command execution vulnerability (CNVD-2020-47330)
Apple CMS is a complete and powerful rapid site building system running on PHP+MYSQL environment. Apple CMS suffers from a command execution vulnerability that can be exploited by attackers to gain control of the web server...
Apple CMS suffers from a command execution vulnerability (CNVD-2020-47331)
Apple CMS is a complete and powerful rapid site building system running on PHP+MYSQL environment. Apple CMS suffers from a command execution vulnerability that can be exploited by attackers to gain control of the web server...
SQL Injection Vulnerability in Apple CMS
Apple CMS is a domestic open source PHP station-building system , specializing in Apple CMS movie program , Apple CMS video program , Apple CMS film and television system this piece , with a distinct , in order to be flexible , compact , good compatibility , strong load and so on. Apple CMS SQL...
Arbitrary File Deletion Vulnerability in Apple CMS v10
Apple CMS is a well-established and powerful rapid site builder running on PHP+MYSQL environment. Apple CMS v10 background there are arbitrary file deletion vulnerability, the vulnerability stems from the $name, $force parameters are not filtered, an attacker can use the vulnerability to delete...
SQL Injection Vulnerability in Apple CMS-V7 Backend Get Info Interface
Apple CMS program is a perfect and powerful rapid website building system running on PHP+MYSQL environment. There is a SQL injection vulnerability in the backend interface of Apple CMS-V7 version to obtain information. The reason for the vulnerability stems from the fact that the program does not...
SQL Injection Vulnerability in Apple CMS Charge Card Management System
Apple CMS program is a fast website building system that runs on PHP+MYSQL environment. An SQL injection vulnerability exists in the Apple CMS Rechargeable Card Management System. An attacker can exploit the vulnerability to obtain sensitive database information...
苹果cms一处csrf可导致用户密码为空
简要描述: 以前在火车上的时候找到的 一直没提交 详细说明: 修改个人资料处 没有原始密码,直接抓包 poc None...
苹果cms7.x版本任意文件上传
简要描述: 虽然限制了文件上传类型 但是没有终止代码继续往下执行 详细说明: 问题出在 admin/editor/upload.php 第22行 if!inarraysubstr$FILEa'name',-3,3,$ftypes $errm = "文件格式不正确1 重新上传 ";//虽然限制了文件类型 但是没有代码还是能继续往下执行 if$FILEa'size' $maxSize1024 $errm = "文件大小超过了限制 重新上传 "; if$FILEa'error' !=0 $errm = "未知错误"; 漏洞证明: 随便选择一个上传点...
苹果CMS继续无视所有过滤进行SQL注入,第二发
简要描述: 这次这个地方主要是想绕过一个限制达到getshell的目的,但是本人水平有限,所以希望大家可以讨论下。 详细说明: 估计依旧小厂商,当然这倒不要紧。 继续上次的注入,如果说上次是因为单词写错的缘故,这次就不仅仅是粗心所造成的了。 接着看代码: 同样index.php开头: 上次分析过,这次直接看 ifempty$ac $ac='vod'; $method='index'; $colnum = array"id","pg","yaer","typeid","classid";//依然是这里 if$parlen=2 $method = $par1; for$i=2;$iP$par...
Green Apple CMS SQL Injection Vulnerability
Exploit for php platform in category web applications =========================================== Green Apple CMS SQL Injection Vulnerability =========================================== Application Info: Name: Green Apple CMS Vendor: http://www.greenapplecms.com Vulnerability Info: Type: Multiple...