31 matches found
EUVD-2025-205772
A security vulnerability has been detected in 08CMS Novel System up to 3.4. This issue affects some unknown processing of the file admina/mtpls.inc.php of the component Template Handler. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been...
EUVD-2022-48889
Malicious code in bioql PyPI...
Emlog Cross-Site Scripting Vulnerability (CNVD-2023-36305)
emlog is a PHP and MySQL based CMS builder for emlog personal developers. A cross-site scripting vulnerability exists in Emlog Pro v2.0.3. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary We...
novel-plus SQL injection vulnerability (CNVD-2023-32195)
novel-plus novel boutique-plus is a multi-end PC, WAP reading, functional original literature CMS system. novel-plus version 3.6.2 suffers from a SQL injection vulnerability, which originates from a problem with the file /author/list?limit=10&offset=0&order=desc, where the operation of the...
novel-plus SQL injection vulnerability (CNVD-2023-32774)
novel-plus novel boutique-plus is a multi-end PC, WAP reading, functional original literature CMS system. novel-plus version 3.6.2 suffers from a SQL injection vulnerability, which originates from a problem with the file /category/list?limit=10&offset=0&order=desc, where the operation of the...
Lavalite v9.0.0 - XSRF-TOKEN cookie File path traversal Vulnerability
Exploit Title: Lavalite v9.0.0 - XSRF-TOKEN cookie File path traversal Exploit Author: nu11secur1ty Vendor: https://lavalite.org/ Software: https://github.com/LavaLite/cms/releases/tag/v9.0.0 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/LavaLite Description: The...
Sql injection
The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks...
CVE-2021-37270
There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority...
MetInfo File Modification Vulnerability
MetInfo adopts a PHP+MySQL architecture; it is a CMS building system that is very friendly to SEO, fully functional, supports multi-language and responsive display, and is well suited to enterprise and company website construction. A file modification vulnerability exists in MetInfo 7.0 beta. An...
The cybercrime ecosystem: attacking blogs
Executive summary The Cybercrime Ecosystem is a series of articles explaining how cybercriminals operate, what drives them, what techniques they use and how we, regular Internet users, are part of that ecosystem. The articles will also cover technical details and up-to-date research on the threat...
S-CMS e-commerce system aj***.php page M_fen parameter has SQL injection vulnerability
S-CMS e-commerce system is an e-commerce software. The M_fen parameter of the aj***.php page in the S-CMS e-commerce system has a SQL injection vulnerability; an attacker can use the vulnerability to obtain sensitive information...
Unauthorized Access Vulnerability in TFXK.CMS System
Sichuan Tianfu Star Network Technology Co., Ltd. is an e-commerce platform construction and operation enterprise. Unauthorized access vulnerability exists in TFXK.CMS system, which allows attackers to arbitrarily add administrator accounts and leak data information...
SQL Injection Vulnerability in the User Information Modification Interface of S-CMS School Building System
S-CMS school station building system is a specialized enterprise station building solution developed by Zibo Shining Network Technology Co., Ltd. A SQL injection vulnerability exists in the user information modification interface of S-CMS. An attacker can exploit the vulnerability ...
Design Logic Vulnerabilities in Tianchu Information Technology Limited's Construction CMS System
Tianchu Information Technology Co., Ltd. is a technical company dedicated to website construction and operation, educational software development and e-commerce platform operation. A design logic vulnerability exists in Tianchu Information Technology Limited's construction CMS system, allowing...
SQL Injection Vulnerability in Anhui Business Network CMS System
A SQL injection vulnerability exists in the CMS system of Anhui Business Network. An attacker can exploit the vulnerability to obtain sensitive information from the database...
LiveCMS <= 3.4 (categoria.php cid) Remote SQL Injection Exploit
No description provided by source. #!/usr/bin/perl INFO: Program Title LiveCMS <= 3.4 SQL Injection, Absolute Path Disclosure, XSS Injection, Arbitrary File Upload...
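逐浪CMS (Zhulang CMS) SQL Update / CMS2 V1.3, V1.4, V1.5 and CMS6.0 are all affected
Brief description: By the way, my last submission was simply ignored, so I had to test against the official demo. Also, this hole has existed since 2008. Detailed description: This issue is of the UPDATE type. File: /user/usershop/StockList.aspx. Problem parameter: Item. The problem code is as follows: protected void Button3_Click(object sender, EventArgs e) { string text = base.Request.Form["Item"]; if (!string.IsNullOrEmpty(text) && this.bll.delstock(text))------------------here...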
DEDECMS website management system template execution vulnerability-vulnerability warning-the black bar safety net
DEDECMS website management system template execution vulnerability. If you are not careful, your server can be hacked, for example because the database password is too simple, the server password is too simple, or the CMS system has vulnerabilities. The following is a DEDE template execution vulnerability. Vulnerability...
PHP168 a magical loophole, you can query any user data-bug warning-the black bar safety net
Brief description: A "magic" array has appeared in Country micro-PHP168 that can cause user data for the whole site to be leaked. The leaked content includes all site users' passwords in cipher text, email, password, salt, IP and other sensitive information. Detailed description: PHP168 program...
Set sail communication corporate website CMS system v1.9 vulnerability 0day-vulnerability warning-the black bar safety net
SQL injection vulnerability 0day News Page Specific EXP is: javascript:alertdocument. cookie=”id=”+escape“2 2 0 union select 1,username,password,4,5,6,7,8,9,1 0 from admin”;...