6 matches found
PT-2024-38270 · Unknown · Youdiancms
Name of the Vulnerable Software and Affected Versions: YouDianCMS version 7
Description: An issue has been found in the processing of the file "/t.php?action=phpinfo", leading to information disclosure. The attack can be initiated remotely. The vendor was contacted about this disclosur...
Concepts Informatics CMS 7 SQL Injection
Title: Concepts Informatics cms v 7 Sql injection Vulnerability
Author: indoushka
Tested on: windows 10 Français V.Pro / browser : Mozilla firefox...
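Apple CMS (苹果cms) 7.x arbitrary file upload
Brief description: The file upload type is restricted, but the code is not stopped from continuing to execute.
Detailed description: The problem is at line 22 of admin/editor/upload.php:
if!inarraysubstr$FILEa'name',-3,3,$ftypes $errm = "文件格式不正确1 重新上传 ";// the file type is restricted, but the code can still continue to execute
if$FILEa'size' $maxSize1024 $errm = "文件大小超过了限制 重新上传 ";
if$FILEa'error' !=0 $errm = "未知错误";
Proof of vulnerability: Pick any upload point...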
CVE-2011-1064
SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 allows remote attackers to execute arbitrary SQL commands via the aidDB parameter...
CVE-2011-1064
CVE-2011-1064 is a SQL injection in Qi Bo CMS 7, specifically in member/list.php. The vulnerability is triggered via the aidDB[] parameter, allowing remote attackers to execute arbitrary SQL commands. This is a root-cause-driven issue in the application's handling of user-supplied input...
CVE-2011-1064
SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 allows remote attackers to execute arbitrary SQL commands via the aidDB parameter...