MPay code-related vulnerabilities

MPay is a convenient payment collection tool developed by Technic Laohu in China. Versions of MPay 1.2.4 and earlier have code vulnerabilities, which stem from incorrect handling of the parameter “codeimg”. This vulnerability may lead to arbitrary file uploads...

HUSTOJ 安全漏洞

HUSTOJ is a popular OJ system by the individual developer Zhang Haobin zhblue in China. A security vulnerability exists in HUSTOJ version 2025-01-31, which stems from parameter injection and could lead to cross-site scripting attacks...

RuoYi 安全漏洞

RuoYi is a backend management system by the individual developer of RuoYi in China. A security vulnerability exists in RuoYi 4.8.1 and earlier versions, which stems from an improper restriction of the rendering UI layer of the Image Source Handler component...

hosporder 注入漏洞

hosporder is a hospital appointment registration system by the individual developer Xiaohao.Shi in China. There is an injection vulnerability in hosporder, which originates from a SQL injection due to the incorrect operation of the parameter officesName in the file OfficeServiceImpl.java...

like-girl 安全漏洞

like-girl is a couple logging tool by the individual developer of kiCode111 in China. A security vulnerability exists in like-girl version 5.2.0, which originates from SQL injection due to incorrect operation of the parameters imgDatd/imgText/imgUrl in the file /admin/ImgAddPost.php...

Dreamer CMS Security Vulnerability

Dreamer CMS is a Dreamer Content Management System by Junnan Wang, an individual developer in China. A security vulnerability exists in Dreamer CMS version 4.1.3, which stems from a cross-site request forgery CSRF vulnerability in component /admin/task/add...