Rocket.Chat 信息泄露漏洞

Rocket.Chat is an open source team chat software. A vulnerability exists in Rocket.Chat prior to version 5.0 due to an authorization issue, which stems from a leak in the getUserMentionsByChannel meteor server method that can be exploited by an attacker to obtain sensitive information...

EBCMS v1.8.2 SQL Injection Vulnerability in edit,channel,status and delete Methods

EBCMS short for EBCMS is a modular plug-in website management system based on PHP+Mysql. EBCMS v1.8.2 SQL injection vulnerability exists in the edit,channel,status and delete methods. The vulnerability is due to the system id parameter does not filter the data submitted by the user , a remote...