10 matches found
CVE-2023-31860
Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system...
EUVD-2022-51889
Malicious code in bioql PyPI...
CVE-2023-31860
Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system...
CVE-2023-31860
Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system...
Cross site scripting
Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system...
CVE-2023-31860
Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system...
CVE-2023-31860
Wuzhi CMS v3.1.2 has a storage-type XSS vulnerability in the backend of the Five Finger CMS b2b system. Affected component: Wuzhi CMS core/backend; vulnerability type: storage XSS. Documented impact is limited to a cross-site script in backend contexts; CVSSv3.1 base score 5.4 (Medium) with netwo...
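[Qibo B2B commerce system] Multiple stored XSS in the front end that hit the back-end admin directly
Brief description: Here's one..... Detailed description: Tested with the latest version of the B2B commerce system, from the first entry on the Qibo official site's download page. Environment: win7+xampp php. Register an account with ordinary user privileges; the account is test. The goal is to obtain back-end admin privileges (Cookies). Publish an article from the right-hand column of the member center; any article publishing section will do. After filling in the data, submit, capture the request with burp, and modify the postdbcontent field, as shown in the figure. Submit. Proof of vulnerability: Because articles by default must be reviewed in the back end before they are published, log in to the back end as admin to review the article. https://images.seebug.org/upl...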
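Backdoor found in all Qibo CMS products
Brief description: Found a backdoor in yet another place; would they dare not plant a backdoor? Also, when the archive was downloaded, 360 immediately reported a phpshell; even 360 can't stand to look at it = = Detailed description: Qibo CMS whole-site system, backdoor file ../hack/upgrade/admin.php CRC32 28510105, and the rest are in the blog system, download system, exam system, yellow pages system, news media system, picture system, video system, Q&A system, enterprise system, B2B system and so on (in any case, every download package on the official site contains this backdoor). The file is at ../hack/upgrade/admin.php CRC32 5101A2EE...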
Destoon B2B system, all versions: SQL injection vulnerability analysis with reference exp - vulnerability warning - the black bar safety net
In include/global.func.php, the stripsql function filters the incoming values, but this limit can be bypassed to achieve injection on all versions. function stripsql$string $search =...