25 matches found
CVE-2026-9376
A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executing a manipulation of the argument id/userId can lead to improper authorization. The attack may be...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization via the doWriteSave process in the UCenter Article Submission Endpoint when handling the id or userId arguments. An attacker can gain unauthorized access to or modify articles by sending crafted requests to the...
CVE-2026-9376
A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executing a manipulation of the argument id/userId can lead to improper authorization. The attack may be...
CVE-2026-9376 JPress UCenter Article Submission Endpoint doWriteSave improper authorization
A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executing a manipulation of the argument id/userId can lead to improper authorization. The attack may be...
CVE-2026-9376 JPress UCenter Article Submission Endpoint doWriteSave improper authorization
A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executing a manipulation of the argument id/userId can lead to improper authorization. The attack may be...
CVE-2026-9376
CVE-2026-9376 concerns JPress UCenter Article Submission Endpoint (up to 1.0.3). The vulnerable element is an unknown function in /ucenter/article/doWriteSave where manipulating the argument id or userId can lead to improper authorization. The issue can be exploited remotely, and the exploit has ...
JPress 授权问题漏洞
JPress is a blog platform developed using the Java language by the JPress team. Versions of JPress 1.0.3 and earlier contained an authorization vulnerability. This vulnerability stemmed from improper handling of the parameter id/userId in the UCenter Article Submission Endpoint component, which...
PT-2026-42936
A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executing a manipulation of the argument id/userId can lead to improper authorization. The attack may be...
What Happens Inside PDFAid in Seconds: From Upload to Download
Disclosure: This article was submitted by PDFAid for publication...
SQL Injection Vulnerability in Shield Spirit Original Article Submission System 1.0
Shield Spirit Original Article Submission System 1.0 is a concise submission system. Shield Spirit Original Article Submission System 1.0 suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...
SQL injection vulnerability in the background up***.php file of Shield Spirit Original Article Submission System
The Shield Spirit Original Article Submission System is a concise submission system. A SQL injection vulnerability exists in the background up.php file of Shield Spirit Original Article Submission System. An attacker can exploit the vulnerability to obtain sensitive information from the database...
SQL Injection Vulnerability in Shield Spirit Original Article Submission System 1.0 Backend
Shield Spirit Original Article Submission System 1.0 is a concise submission system. Shield Spirit Original Article Submission System 1.0 has a SQL injection vulnerability in the background, which can be exploited by attackers to obtain sensitive information from the database...
SQL injection vulnerability in the article submission interface of S-CMS school website builder system
S-CMS school station building system is Zibo Shining Network Technology Co., Ltd. developed a specialized enterprise station building solutions for the product. A SQL injection vulnerability exists in the article submission interface of S-CMS School Building System. An attacker can exploit the...
SDCMS 最新门户版 V3.0 储存型xss一枚 可盲打后台
简要描述: 严谨的说 是编辑器xss储存型漏洞 详细说明: 虚拟主机搭建测试: 需要条件: 开启会员注册默认开启 开启投稿功能(默认开启) 下载地址: http://www.sdcms.cn/product/portal.html 默认 开启会员注册 无需审核 原本想在demo上测试的 但是他开启审核了 ---------------------------------------- 注册个会员 找到在线投稿 选择文章模型 远程上传地址处 插入: " 提交 img...
PHPCMS V9 article submission CSRF vulnerability-vulnerability warning-the black bar safety net
CSRF can lead to add back the administrator account. ! In Member center, article submission, in source fill in: Exploit code: Super administrator the myform. submit If the administrator in the background of the audit, it will trigger JS that leads to add in Admin. ! ! Vulnerability proof: !...
Bitweaver 2.8.1 Cross Site Scripting
exploit title: persistant xss in bitweaver2.8.1 date: 22.o2.2o11 author: lemlajt software : bitweaver @ sourceforge.net version: 2.8.1 tested on: linux cve : PoC : 1. submit an article POST http://localhost/www/cmsadmins/bitweaver2.8.1/bitweaver/articles/edit.php form-data;...
Bitweaver 2.8.1 - Persistent Cross-Site Scripting
exploit title: persistant xss in bitweaver2.8.1 date: 22.o2.2o11 author: lemlajt software : bitweaver @ sourceforge.net version: 2.8.1 tested on: linux cve : PoC : 1. submit an article POST http://localhost/www/cmsadmins/bitweaver2.8.1/bitweaver/articles/edit.php form-data;...
Campsite CMS - Remote Persistent Cross-Site Scripting
Campsite CMS - Remote Persistent Cross-Site Scripting Exploit Title: Campsite CMS remote Persistent XSS vulnerability Date: 15th july 2010 Author: D4rk357 Critical:Low Contact:bd4rk357atyahoodotin Software Link:bhttp://www.sourcefabric.org/en/home/web/78/Demo--Documentation.htm?tpl=18 Greetz...
AJ Article Cross Site Scripting
1 1 0 I'm Sid3^effects member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 vendor URL :http://www.ajsquare.com/ Google Dork :Powered By: AJ Square Inc Author : Sid3^effects aKa HaRi special thanks to : r0073r inj3ct0r.com,L0rd...
AJ Article 3.0 - Cross-Site Scripting
1 1 0 I'm Sid3^effects member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 vendor URL :http://www.ajsquare.com/ Google Dork :Powered By: AJ Square Inc Author : Sid3^effects aKa HaRi special thanks to : r0073r inj3ct0r.com,L0rd...