Arbitrary File Deletion Vulnerability in YCCMS controller directory Pi***.cl***.php
YCCMS is a PHP version of a lightweight CMS builder. An arbitrary file deletion vulnerability exists in Pi.class.php in the controller directory of YCCMS version 3.4. An attacker can use the vulnerability to delete arbitrary files...
SQL injection vulnerability in me***.class.php file of Laikai e-commerce management system
Laike e-commerce management system is an open source e-commerce management system. A SQL injection vulnerability exists in the me.class.php file of the Laike e-commerce management system. An attacker can use the vulnerability to obtain sensitive information...
D-Link Central WiFi Manager (CWM-100) Remote Code Execution Vulnerability
D-Link Central WiFi Manager CWM-100 is a Web-based wireless access point management tool that enables you to create and manage multi-site, multi-tenant wireless networks. A remote code execution vulnerability exists in /web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM-100...
GLPI SQL Injection Vulnerability (CNVD-2018-12547)
GLPI is an open source IT resource management suite maintained by the Indepnet Association. The suite includes features such as device status management, asset inventory storage, management processes and work log management. A SQL injection vulnerability exists in the 'constructSQL' function of t...
Studio 42 elFinder Directory Traversal Vulnerability
Studio 42 elFinder is an open source Web file manager using jQuery and jQuery UI and written in JavaScript. A directory traversal vulnerability exists in Studio 42 elFinder. An attacker can exploit this vulnerability by deleting files with the 'zipdl' function in the elFinder.class.php file...
Thunderwind Movie CMS v3.3.0 SQL Injection Vulnerability in NewsController.class.php Page
Thunderwind Movie CMS is a film and television content management program developed in PHP on the THINKPHP3.2.3 framework, suitable for all kinds of video, film and television websites. A SQL injection vulnerability exists in the NewsController.class.php page of Thunderwind Movie CMS v3.3.0. Attackers can...
SQL Injection Vulnerability in UQCMS Cloud Business B2B2C Multi-store System member.class.php Page
B2B2C multi-store system is B2B2C e-commerce software built with PHP+MYSQL and smarty templates. A SQL injection vulnerability exists in the member.class.php page of the UQCMS Cloud Business B2B2C Multi-Store System. The vulnerability stems from the program not adequately filtering user-suppli...
SQL injection vulnerability in category.class.php page of UQCMS Cloud B2B2C multi-store system
B2B2C multi-store system is B2B2C e-commerce software built with PHP+MYSQL and smarty templates. A SQL injection vulnerability exists in the category.class.php page of the UQCMS Cloud Business B2B2C Multi-Store System. The vulnerability stems from the program not adequately filtering...
sysPass Cross-Site Scripting Vulnerability
sysPass is a PHP-based Web password manager. A cross-site scripting vulnerability exists in the inc/SP/Html/Html.class.php file in sysPass version 2.1.9. A remote attacker can exploit this vulnerability to bypass the cross-site scripting filter...
SQL Injection Vulnerability in doAjaxGetCip Function of Tibco Call Center System
The core of Tibco's call center system is a communication-based system for internal and external corporate communication. A SQL injection vulnerability exists in the doAjaxGetCip function of the Tibco Call Center System. Vulnerability file: /userweb/php/index/user.class.php, exploit: UNION...
PHPYUN multiple SQL injection and rapid positioning, disregarding 360 defense - vulnerability warning - the black bar safety net
The other places have probably already been dug through by others, so let's look at a place that rarely gets attention: the QQ login, in the qqconnect.class.php file. Let's look at the QQ login, which binds the relevant QQ information: code area function qqbindaction if$GET'usertype'=='1' || $GET'usertype'=='2' ...