53 matches found
CVE-2026-41201
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. In version 0.31.4.0, an attacker can achieve Full Account Takeover & Privilege Escalation via Stored DOM XSS in backup module filename field manipulated vi...
CVE-2018-25421
Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules/backup/actions.php with op=getfile and traverse directories using ../ sequences to access sensiti...
FreePBX Code Issue Vulnerability
FreePBX is a set of tools from the FreePBX project that allow configuration of Asterisk, an IP telephony system, through a web-based graphical interface. Versions of FreePBX prior to 16.0.71 and 17.0.6 contained code vulnerabilities. These vulnerabilities stemmed from the backup module failing ...
CVE-2026-41201 CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS Version 2
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. In version 0.31.4.0, an attacker can achieve Full Account Takeover & Privilege Escalation via Stored DOM XSS in backup module filename field manipulated vi...
CVE-2026-41201
The CVE affects ci4ms (CodeIgniter 4-based CMS skeleton) in version 0.31.4.0, where the backup-management module’s filename field is vulnerable to stored DOM XSS. An attacker can leverage this to achieve full account takeover and privilege escalation; the issue is addressed in version 0.31.5.0. T...
CI4MS Cross-Site Scripting Vulnerability
CI4MS is an open-source blog page management tool developed by Ci4MS. Version CI4MS 0.31.4.0 contains a cross-site scripting vulnerability. This vulnerability arises from the backup module’s filename field allowing XSS payloads to be hidden through SQL file tampering, potentially leading to full...
EUVD-2019-9229
Malware in sbrugna...
EUVD-2011-4254
Malware in sbrugna...
EUVD-2022-44783
Malicious code in bioql PyPI...
CVE-2022-41591
The backup module has a path traversal vulnerability. Successful exploitation of this vulnerability causes unauthorized access to other system files...
CVE-2011-4322
websitebaker prior to and including 2.8.1 has an authentication error in backup module...
Sewio Real-Time Location System (RTLS) Studio OS Command Injection Vulnerability
Sewio Real-Time Location System RTLS Studio is a real-time location system from Sewio, Inc. An operating system command injection vulnerability exists in Sewio Real-Time Location System RTLS Studio versions 2.0.0 through 2.6.2, which stems from not properly validating the input module name of the...
PT-2023-15526 · Sewio · Sewio's Real-Time Location System (RTLS) Studio
Name of the Vulnerable Software and Affected Versions: Sewio’s Real-Time Location System RTLS Studio versions 2.0.0 through 2.6.2 Description: The issue is related to improper validation of the input module name to the backup services of the software. This could allow a remote attacker to access...
Path traversal
The backup module has a path traversal vulnerability. Successful exploitation of this vulnerability causes unauthorized access to other system files...