GHSA-2453-MPPF-46CJ Craft CMS Vulnerable to SQL Injection in Element Indexes via `criteria[orderBy]`

Summary The element-indexes/get-elements endpoint is vulnerable to SQL Injection via the criteriaorderBy parameter JSON body. The application fails to sanitize this input before using it in the database query. An attacker with Control Panel access can inject arbitrary SQL into the ORDER BY clause...

Sitecore 9.0 rev 171002 - Persistent Cross-Site Scripting

Exploit Title: Stored Cross Site Scripting XSS in Sitecore 9.0 rev 171002 Date: July 11, 2019 Exploit Author: Owais Mehtab Vendor Homepage: http://www.sitecore.net/en Version: 9.0 rev. 171002 Tested on: Sitecore Experience Platform 8.1 Update-3 i.e.; 8.1 rev. 160519 CVE : CVE-2019-13493 Vendor...

Japanese Dating compensated Dating CMS injection vulnerability-vulnerability warning-the black bar safety net

Find mining on the network vulnerabilities is not what is the problem with the light thing, but because of the political issues to the invasion of Japan website, nor what glorious things will only become cannon fodder. You think you're out of breath, in fact you and I have what difference. Front...

Knight cms injection, and the background to get shell-vulnerability warning-the black bar safety net

0x1 arbitrary user login 0x2 blind 0x3 background holding shell 0x4 random function problem Detailed description: 0x1 arbitrary user login user/login.php elseifempty$SESSION'uid' || empty$SESSION'username' || empty$SESSION'utype' && $COOKIE'QS''username' && $COOKIE'QS''password' && $COOKIE'QS''ui...