2 matches found
Arbitrary code execution vulnerability in Finecms backend controllers\admin\Sms.php page
FineCMS is a content management system CMS developed using MVC architecture and PDO database interface. An arbitrary code execution vulnerability exists in the Finecms backend controllers\admin\Sms.php page. Since the array2string function does not filter the submitted data, allowing attackers to...
知道key的情况下对ucserver进行注射
简要描述: 因为帮finger解决问题,无意中看到的漏洞。 怎么拿到key要问finger。 详细说明: 在/ucserver/control/feed.php内有一段代码: function onadd $this-load'misc'; $appid = intval$this-input'appid'; $icon = $this-input'icon'; $uid = intval$this-input'uid'; $username = $this-input'username'; $bodydata =...