3 matches found
CVE-2018-11208
An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers to inject arbitrary web script or HTML into background web site settings via the "copyright information office" field. NOTE: the vendor indicates that the product was not intended to block this type...
Cross-site scripting and cross-site request forgery vulnerabilities in metinfo
metinfo cms is an enterprise website management system built on a PHP and MySQL architecture. There are cross-site scripting and cross-site request forgery vulnerabilities in metinfo. The metinfo cms "background settings-basic information-third-party code" form does not have token validation and effective...
Discuz! 7.0-7.2 background settings.inc.php write-shell vulnerability
Affected versions: Discuz! 7.0-7.2. Vulnerability details: if($operation == 'uc' && is_writeable('./config.inc.php') && $isfounder) { $ucdbpassnew = $settingsnew['uc']['dbpass'] == '' ? UC_DBPW : $settingsnew['uc']['dbpass']; if($settingsnew['uc']['connect']) { $ucdblink = @mysql_connect($settingsnew['uc']['dbhost'],...