16 matches found
CVE-2023-23007
An issue was discovered in ESPCMS P8.21120101. After logging in to the background, there is a SQL injection vulnerability in the function node where members are added...
CVE-2024-24388
Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before allows remote attackers to obtain sensitive information via crafted malicious requests to the background login...
Command Execution Vulnerability in EasyReport
EasyReport is an easy-to-use Web reporting tool. Its main function is to convert the results of SQL query statements into a report page, with support for configuring table cells that span rows (RowSpan) and columns (ColSpan). A command execution vulnerability exists in EasyReport. An...
Weak Password Vulnerability in Tianqing Intrusion Prevention System NGIPS of Beijing Qixingchen Information Security Technology Co.
SkyQuest Intrusion Prevention System is a network-based intrusion prevention product independently developed by Qixing, which is based on the core concept of deep defense and precise blocking. Through deep analysis of network traffic, it can accurately discover various types of intrusion attacks ...
S-CMS Enterprise Website Builder System has Arbitrary File Download Vulnerability
S-CMS enterprise website building system is a specialized enterprise website building product developed by Zibo Shining Network Technology Co., Ltd. An arbitrary file download vulnerability exists in the PHP version v3.0 of the S-CMS enterprise website building system, logging...
Vulnerability of universal password login in the background of website building system of Guangzhou Yongtuo Information Technology Co.
Guangzhou Yongtuo Information Technology Co., Ltd. website building system is a website building system. There is a universal password login vulnerability in the background login page of Guangzhou Yongtuo Information Science and Technology Co...
SQL Injection Vulnerability at the login of Central Message Board v3.2
Central Message Board is an online message system developed by Central Studio using OOP. A SQL injection vulnerability exists at the login of Azeus Message Board v3.2. Azeus Message Board v3.2 fails to filter the name parameter in the background login, allowing attackers to exploit the vulnerability f...
CVE-2017-6342
An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19. When SmartPSS Software is launched, while on the login screen, the software in the background automatically lo...
Live off the mobile phone client xss comfortably into the background-bug warning-the black bar safety net
Brief description: Live off the mobile phone client side xss comfortably, you can log in the background Detailed description: 0x00 keywords code area Live off to find room Android App, user feedback, comfortably, the storage-type xss, the'" 0x02 process User feedback directly inserted into the !...
Cheng's dance CMSPHP3.0 stored xss getshell-a vulnerability warning-the black bar safety net
This cms before 9 0 someone made a getshell,when is background verification file problem The official website has been patched, so again, source Because the backend login will also need the authentication code so the injection didn't see. There xss Vulnerability file user/member/skinedit.php trtd...
ESPCMS background login bypass vulnerability reference EXP-vulnerability warning-the black bar safety net
After a lapse of long time, children's shoes successively sent through the CMS vulnerabilities, today generally see, the problem there is that official or has been repaired loopholes. The problem is in the background files of adminsoft\control\adminuser.php file Code The problem is in the functio...
phpweb finished website full version through the kill injection vulnerability and fix-vulnerability warning-the black bar safety net
Keywords: inurl:webmall/detail.php?id Data table: pwnbaseadmin About to get shell First, log in to the backend admin.php See the upload.php source code analysis for an afternoon, and then about understand that although the upload where only allowed to upload gif,jpg,png,bmp four types of files, but not the file...
126cms background log injection vulnerability and fix-vulnerability warning-the black bar safety net
To see the code. ...... A number of ...... if !$postdb"userid" || !$postdb"pwd" echo "div align="center" class="style1""; echo "your input user name or password mistake!!!"; echo "/div"; exit; $postdb"pwd"=md5$postdb"pwd"; ...
PHP168 V6.01/6.02 elevation of privilege and storm the local path vulnerability-vulnerability warning-the black bar safety net
PHP168 whole Station is the PHP field of the current most powerful build system, The code is all open source, can be extremely convenient for secondary development, all modules can be freely installed and removed, individual users completely free to use PHPCMS V6.01 There is a serious security...
maxphp video system vulnerabilities-vulnerability warning-the black bar safety net
play. php?& amp;m=1&n=1&id=1%cf’+and+1=2+union+select+1,concatadminname,0x20,password,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8+from+maxadmin%2 3 View to password, you can log in directly to the background...
ESCMS vulnerability website system 0day-vulnerability warning-the black bar safety net
Version: ESCMS V1.0 SP1 Build 1125 Background login authentication is through the admin/check.asp achieved, look at the code % if Request.cookiesCookiesKey"ESadmin"="" then 'Note that here Oh, he is by COOKIE validation ESadmin is empty, we can forge a value, called he is not empty 'CookiesKey i...