14 matches found
FlatCore CMS 2.1.1 Cross Site Scripting
Exploit Title: FlatCore CMS 2.1.1 - Stored Cross Site Scripting Date: 2020-09-24 Exploit Author: Sinem Şahin Vendor Homepage: https://flatcore.org/ Version: 2.1.1 Tested on: Windows & XAMPP == Tutorial http://HOST/install/index.php 2- Write XSS Payload into the username of the user account. 3- Pre...
Feehi CMS 2.1.1 - Remote Code Execution (Authenticated)
Exploit Title: Feehi CMS 2.1.1 - Remote Code Execution (RCE) (Authenticated) Date: 22-08-2022 Exploit Author: yuyudhn Vendor Homepage: https://feehi.com/ Software Link: https://github.com/liufee/cms Version: 2.1.1 REQUIRED Tested on: Linux, Docker CVE : CVE-2022-34140 Proof of Concept: 1. Login using...
CVE-2022-38796
A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. This can be exploited by abusing password reset emails...
CVE-2022-34140
A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field...
CVE-2021-30108
Feehi CMS 2.1.1 is affected by a server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any URL, the server can make a request to it...
CVE-2021-30108
Feehi CMS 2.1.1 is affected by a server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any URL, the server can make a request to it...
e107 CMS-2.1.1 privilege elevation vulnerability
No description provided by source. $login, 'userpass' = $pass, 'userlogin' = 'Sign In'; curlsetopt$ch, CURLOPTPOST, 1; $content = curlexec$ch; if strpos$content, '?logout' === false die"Cannot login"; $data = array; $data'useradmin' = 1; $data'userperms' = 0; $data'userpassword' = md5$pass;...
@CMS 2.1.1 SQL Injection
SQL Injection on @CMS 2.1.1 Stable Risk: High CWE number: CWE-89 Date: 22/08/2014 Vendor: www.atcode.net Author: Felipe " Renzi " Gabriel Contact: [email protected] Tested on: Linux Mint Vulnerable File: articles.php Exploit: http://host/articles.php?catid=SQLI PoC:...
CVE-2010-3458
CVE-2010-3458 describes a SQL injection in Symphony CMS (versions 2.0.7 and 2.1.1) where remote attackers could execute arbitrary SQL via the send-email[recipient] parameter to about/. The OpenVAS entry also notes a broader set of vulnerabilities for Symphony
CVE-2010-1093
SQL injection vulnerability in rss.php in 1024 CMS 2.1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a vp action...
CVE-2010-1093
CVE-2010-1093 details: Affected product: 1024 CMS 2.1.1. The vulnerability is a SQL injection in rss.php when magic_quotes_gpc is disabled, allowing remote attackers to execute arbitrary SQL commands via the id parameter in a vp action. This is the explicit root cause described in connec...
@CMS 2.1.1 (readarticle.php article_id) SQL Injection Vulnerability
Exploit for unknown platform in category web applications =================================================================== @CMS 2.1.1 readarticle.php article_id SQL Injection Vulnerability =================================================================== Viva IslaM Viva IslaM Remote SQL...
atcms-sql.txt
Viva IslaM Viva IslaM Remote SQL Injection Vulnerability @CMS 2.1.1 readarticle.php article_id AuTh0r : Mr.SQL H0ME : WwW.PaL-HaCkEr.CoM & WwW.ATsDp.CoM Email : [email protected] !! SYRIAN HaCkErS !! Script : @CMS 2.1.1 site : www.atcode.net -:: SQL ::-...
@CMS 2.1.1 - SQL Injection
@CMS 2.1.1 - SQL Injection Viva IslaM Viva IslaM Remote SQL Injection Vulnerability @CMS 2.1.1 readarticle.php article_id AuTh0r : Mr.SQL H0ME : WwW.PaL-HaCkEr.CoM & WwW.ATsDp.CoM Email : [email protected] !! SYRIAN HaCkErS !! Script : @CMS 2.1.1 site : www.atcode.net -:: SQL ::-...