16 matches found
Cross site scripting
A cross-site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2020-25422
MARA CMS 7.5 is affected by a Cross-Site Scripting (XSS) vulnerability in the menuedit.php component. The issue arises from improper handling of user-supplied/output data in that module (lack of checksum filtering per CNVD-2021-84589). Several databases (NVD, Red Hat, CNVD, CNVD-2021-84589, CNNVD...
CVE-2020-25042
An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated admin/manager session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php...
Design/Logic Flaw
An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated admin/manager session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php...
CVE-2020-25042
CVE-2020-25042 concerns Mara CMS 7.5 where an authenticated admin/manager can upload PHP via codebase/handler.php after invoking codebase/dir.php?type=filenew, enabling arbitrary code execution. The vulnerability is triggered by an authenticated session and a crafted request; public exploit detai...
PT-2020-15905 · Mara · Mara Cms
Name of the Vulnerable Software and Affected Versions: Mara CMS version 7.5 Description: An issue exists that allows arbitrary file upload. To exploit this, an attacker needs a valid authenticated session and must make a "codebase/dir.php?type=filenew" request to upload PHP code to...
Mara CMS 7.5 - Reflective Cross-Site Scripting
Exploit Title: Mara CMS 7.5 - Reflective Cross-Site Scripting Google Dork: NA Date: 2020-08-01 Exploit Author: George Tsimpidas Vendor Homepage: https://sourceforge.net/projects/maracms/ Software Link: https://sourceforge.net/projects/maracms/files/MaraCMS75.zip/download Version: 7.5 Tested on:...
CVE-2020-24223
Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters...
Cross site scripting
Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters...
CVE-2020-24223
Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters...
CVE-2020-7357
CVE-2020-7357 relates to Cayin CMS where an authenticated OS semi-blind command injection is possible via the NTP_Server_IP/NTP IP parameter in system.cgi. The issue requires authentication (default credentials) and can allow execution of arbitrary shell commands as root. Affected are multiple Ca...
Code injection
Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file...
RedDot CMS 7.5 (LngId) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/env python un-comment your selection. import urllib2 import urllib import string import getopt import sys def banner: print print "RED DOT CMS 7.5 database enumeration" print "by Mark Crowther and Rodrigo Marcos" def usage: print print "usage:" print...
RedDot CMS 7.5 - LngId SQL Injection
RedDot CMS 7.5 - LngId SQL Injection !/usr/bin/env python un-comment your selection. import urllib2 import urllib import string import getopt import sys def banner: print print "RED DOT CMS 7.5 database enumeration" print "by Mark Crowther and Rodrigo Marcos" def usage: print print "usage:" print...
RedDot CMS 7.5 (LngId) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications =================================================== RedDot CMS 7.5 LngId Remote SQL Injection Exploit =================================================== !/usr/bin/env python un-comment your selection. import urllib2 import urllib import...
RDdbenum.py.txt
!/usr/bin/env python un-comment your selection. import urllib2 import urllib import string import getopt import sys def banner: print print "RED DOT CMS 7.5 database enumeration" print "by Mark Crowther and Rodrigo Marcos" def usage: print print "usage:" print "python RDPOC.py options URL" print...