11 matches found
TYPO3 Cross-Site Scripting Vulnerability (CNVD-2022-17967)
TYPO3 is a free and open source content management system and framework (CMS/CMF) from the TYPO3 Association in Switzerland. TYPO3 has a cross-site scripting vulnerability that stems from a lack of validation and filtering of user-supplied data and output, which can be exploited by an attacker with TYP...
TYPO3 server-side request forgery vulnerability
TYPO3 is a free and open source content management system and framework (CMS/CMF) from the Swiss TYPO3 Association. A server-side request forgery vulnerability exists in TYPO3 versions prior to 7.2.1, which stems from a failure to check the legitimacy of a request. An attacker can exploit this...
October CMS Cross-Site Scripting Vulnerability
October CMS is an open source content management system (CMS) based on PHP and the Laravel web application framework. A security vulnerability exists in October CMS versions 1.0.319 and 1.0.469 that allows a back-end user with file upload privileges to upload SVG files without any processing of the...
typo3 -- multiple vulnerabilities
Typo3 News: CVE-2020-11063: TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset. It has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to verify whether a backend user account with a given email...
CVE-2019-19745
Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server...
Design/Logic Flaw
Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server...
CVE-2019-19745
Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server...
A logged-in back end user can include arbitrary existing PHP files by manipulating a URL parameter
More info at https://contao.org/en/news/contao-441.html...
A logged-in back end user can include arbitrary existing PHP files by manipulating a URL parameter
More info at https://contao.org/en/news/contao-3528.html...
phpwcms 'preg_replace()' multiple remote PHP code injection vulnerabilities
phpwcms is an open source content management system. Multiple code injection vulnerabilities exist in the implementation of phpwcms 1.5.4.6 and other versions. An authenticated remote attacker with a "backend user" or "admin user" account can exploit these...
ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities
Document Title: ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=689. Release Date: 2012-11-15. Vulnerability Laboratory ID (VL-ID): 689...