ZZCMS Code Injection Vulnerability
ZZCMS is a content management system (CMS) from the Chinese ZZCMS team. A code injection vulnerability exists in ZZCMS version 2025, which stems from incorrect manipulation of the parameter icp in the back-end site settings module file /admin/siteconfig.php, which may lead to code injection...
EUVD-2006-1118
Malware in sbrugna...
Cross-Site Request Forgery (CSRF)
typo3/cms-dashboard is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper validation of HTTP methods in state-changing actions and misconfigurations in the backend settings, such as disabled security.backend.enforceReferrer or lax/none BE/cookieSameSite settings,...
CVE-2024-32167
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to arbitrary file deletion, as the picture-deletion function in the backend settings can be used to delete any files...
PT-2024-24454 · Unknown · Sourcecodester Online Medicine Ordering System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Online Medicine Ordering System version 1.0 Description: The issue allows for arbitrary file deletion due to a function in the backend settings that can delete any files, initially intended for deleting pictures. Recommendation...
Insecure Deserialization
typo3/cms-core is vulnerable to insecure deserialization. The vulnerability exists as $BE_USER->uc in the backend settings is not properly handled...
BlackCat CMS Cross-Site Scripting Vulnerability (CNVD-2017-24888)
BlackCat CMS is a PHP5, HTML5 content management system. A cross-site scripting vulnerability exists in the backend/settings/ajaxsavesettings.php file in BlackCat CMS, which can be exploited by remote attackers via the site title or site footer fields...
CVE-2006-1114
Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary files via a .. (dot dot) and trailing %00 (NULL) byte in the (1) template and (2) page parameters in (a) index.php, and the (3) language parameter in (b) inc/backendsettings.php...
LoudBlog <= 0.4 arbitrary remote inclusion
------------- LoudBlog <= 0.4 arbitrary remote inclusion ----------- software: site: http://loudblog.de/ description: "Loudblog is a sleek and easy-to-use Content Management System (CMS) for publishing media content on the web. It automatically generates a skinnable website and an RSS-Feed for...