Minfotech CMS 2.0 SQL Injection

==================================================================================================================================== | Title : Minfotech CMS v2.0 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | |...

Desenvolvido C3iM CMS 2.0 Cross Site Scripting

==================================================================================================================================== | Title : Desenvolvido C3iM CMS v2.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit | ...

Atom CMS 2.0 SQL Injection

Exploit Title: Atom CMS v2.0 - SQL Injection no auth Date: 15/10/2022 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://github.com/thedigicraft/Atom.CMS Software Link: https://github.com/thedigicraft/Atom.CMS Version: 2.0 Tested on: Windows 10...

CVE-2022-25487

Atom CMS v2.0 was discovered to contain a remote code execution RCE vulnerability via /admin/uploads.php...

CVE-2022-25489

Atom CMS v2.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the "A" parameter in /widgets/debug.php...

Sql injection

Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php...

Cross site scripting

Atom CMS v2.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the "A" parameter in /widgets/debug.php...

CVE-2022-25487

Atom CMS v2.0 was discovered to contain a remote code execution RCE vulnerability via /admin/uploads.php...

CVE-2022-25488

Atom CMS v2.0 contains a SQL injection via the id parameter in /admin/ajax/avatar.php. The vulnerability arises from unsafely concatenated SQL in this endpoint, enabling arbitrary SQL execution and potentially data disclosure or modification. Public descriptions from multiple sources corroborate ...

CVE-2022-25489

Atom CMS v2.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the "A" parameter in /widgets/debug.php...

GHSA-6GJF-7W99-J7X7 Deleted Admin Can Sign In to Admin Interface

Impact Assuming an administrator once had previous access to the admin interface, they may still be able to sign in to the backend using October CMS v2.0. Patches The issue has been patched in v2.1.12 Workarounds - Reset the password of the deleted accounts to prevent them from signing in. - Plea...

zKup CMS 2.0 <= 2.3 - Remote Upload Exploit

No description provided by source. !/usr/bin/php ?php / Name: zKup CMS v2.0 = v2.3 0-day exploit upload Credits: Charles real F. charlesfolathotmail.fr Date: 03-08-2008 Conditions: PHP Version, magicquotesgpc=Off This exploit spawn a php uploader in your victim's server. Okay, you may need...

[email protected] CMS v2.0 <= (ShellUpload/LFI) Multiple Vulnerabilities

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

Opial CMS 2.0 - Multiple Vulnerabilities

Title: ====== Opial CMS v2.0 - Multiple Web Vulnerabilities Date: ===== 2012-04-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=522 VL-ID: ===== 522 Introduction: ============= Opial lets you create audio mp3/ram/rm/avi/mpg/wav/ai f or any other format audio/video...

Opial CMS 2.0 XSS / SQL Injection / Shell Upload

Title: ====== Opial CMS v2.0 - Multiple Web Vulnerabilities Date: ===== 2012-04-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=522 VL-ID: ===== 522 Introduction: ============= Opial lets you create audio mp3/ram/rm/avi/mpg/wav/ai f or any other format audio/video...

Opial CMS v2.0 - Multiple Web Vulnerabilities

Document Title: =============== Opial CMS v2.0 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=522 Release Date: ============= 2012-04-26 Vulnerability Laboratory ID VL-ID: ==================================== 522 Product &...

AiCart 2.0 CMS - Multiple Critical Web Vulnerabilities

Document Title: =============== AiCart 2.0 CMS - Multiple Critical Web Vulnerabilities Release Date: ============= 2011-06-21 Vulnerability Laboratory ID VL-ID: ==================================== 203 Product & Service Introduction: =============================== AiCart shopping cart software i...

Bizon-CMS 2.0 - &#039;Id&#039; SQL Injection

Viva IslaM Viva IslaM Remote SQL Injection Vulnerability Bizon-CMS V2.0 index.php Page AuTh0r : Mr.SQL H0ME : WwW.PaL-HaCkEr.CoM Email : [email protected] !! SYRIAN HaCkErS !! Script : Bizon-CMS version : V2.0 site : www.bizon-soft.com -:: SQL ::- www.site.com/photo/...

zkup-upload.txt

!/usr/bin/php Date: 03-08-2008 Conditions: PHP Version, magicquotesgpc=Off This exploit spawn a php uploader in your victim's server. Okay, you may need explanations: First, we can use administration without being admin see ./admin/configuration/modifier.php Then, when we add an admin, it is save...