7 matches found
EUVD-2007-2547
Malware in sbrugna...
EUVD-2019-3288
Malware in sbrugna...
Modify other people's articles by modifying the data package
Description: The program does not check whether the originator of the request has this permission. I can modify the content of other people's articles and even modify the content by capturing data packets, even if I am not the owner of the article, even if I do not have permission in this respect...
CVE-2019-11618
doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 accesstoken in a uri=blog&action=index&controller=blog...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify articles via a savepost action to admin/news/saveNEWSID/, (2) modify settings via a savepost action to admin/site/save2/...
lulieblog 1.2 - Multiple Vulnerabilities
No description provided by source. LulieBlog 1.2 Multiple Remote Vulnerabilities Admin Auth Bypass, Upload File, Blind SQL Injection Author: Cod3rZ Site: http://cod3rz.helloweb.eu Site: http://devilsnight.altervista.org Date: 06/05/2008 dd/mm/yyyy Admin Auth Bypass: Modify Articles: send a reques...
Thinksaas unauthorized access + SQL injection #1
Brief description: Thinksaas SQL injection 1 Detailed explanation: /app/article/action/edit.php case "do" : $articleid = intval $POST 'articleid' ; $cateid = intval $POST 'cateid' ; $title = tsClean $POST 'title' ;// filter $content = tsClean $POST 'content' ;// filter if $TSUSER 'user' 'isadmin' == 0 // content filtering starts aac 'system' -antiWord $title...