WordPress Redux Framework <=4.2.11 - Information Disclosure

WordPress Redux Framework plugin through 4.2.11 is susceptible to information disclosure. The plugin registers several unique AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php. These are predictable, given that they are based on an md5 has...

Design/Logic Flaw

The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpufencryption. This could allow an attacker having access to the AUTHKEY and AUTHSALT constant via...

PHPCMS V9 /phpcms/modules/vote/index.php 代码执行漏洞

漏洞影响版本：phpcms v9.5.8漏洞分析：hpsso/index.php文件所有的操作都存在严重的注入问题，这个类文件的构造函数最先调用它的父构造函数，通过authkey来解析POST传入的data内容，解析后data中的内容会作为注册、登陆、删除用户等操作的内容依据，而这些操作都会将这些数据作为数据库查询语句使用。这个问题其实在XXX的《PHPCMS V9...

TIPASK问答系统SQL注入三（有多个大型互联网企业案例）

简要描述： TIPASK问答系统SQL注入三（影响天极网、戴尔中国、WPS office、小米等网站） 详细说明： 部分案例： 通过源代码发现/control/gift.php存在注入，部分代码如下 function onadd ifisset$this-post'realname' $realname = $this-post'realname'; $email = $this-post'email'; $phone = $this-post'phone'; $addr = $this-post'addr'; $postcode = $this-post'postcode'; $qq ...

TIPASK问答系统SQL注入二（有多个大型互联网企业案例）

简要描述： 审核真给力，刚提交就通过了 ，赞啊！！！！ 详细说明： 部分案例： 经分析下列文件存在注入 /control/message.php 代码如下 function onremovedialog if$this-post'messageauthor' $authors = $this-post'messageauthor'; $ENV'message'-removebyauthor$authors; $this-message"对话删除成功!", geturlsource; 跟进removebyauthor函数 function removebyauthor$authors...