16 matches found
Input Validation
typo3/cms-backend is vulnerable to Input Validation. The vulnerability is due to a lack of proper validation checks on user input, allowing for the manipulation of data saved in the bookmark toolbar and triggering errors that disrupt access to the backend user interface...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS due to insufficient input validation of the data saved in the bookmark toolbar. This can cause a general error state, blocking further access to the interface. Details Denial of Service DoS describes a family of...
SQL Injection Vulnerability in Ocean CMS Backend (CNVD-2020-33134)
Ocean CMS is a web content management system based on PHP+MYSQL architecture that can run across platforms. There is a SQL injection vulnerability in the backend of Ocean CMS, which can be exploited by attackers to obtain sensitive database information...
SQL Injection Vulnerability in ZZCMS Backend ba***.php File
zzcms is a PHP and MYSQL based CMS. A SQL injection vulnerability exists in the ba.php file in the backend of ZZCMS, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in the backend of Phaidron cms
Phoenitron CMS is a set of rapid website building program developed by Phoenitron Network, which is suitable for small and medium-sized enterprises and individuals to build their own websites quickly. SQL injection vulnerability exists in the backend of Phaidron CMS, which can be exploited by...
Code Execution Vulnerability in the Backend of Phaidron CMS
Phoenitron CMS is a set of rapid website building program developed by Phoenitron Network, which is suitable for small and medium-sized enterprises and individuals to build their own websites quickly. Code execution vulnerability exists in the background of Phaidron CMS, which can be exploited by...
SQL Injection Vulnerability in the co***.php file of Yunye CMS Backend
Yunye CMS is an enterprise website building system developed by Luoyang Yunye Information Technology Co. There is a SQL injection vulnerability in the background co.php file of Yunye CMS. Attackers can use the vulnerability to obtain sensitive information in the database...
Code Execution Vulnerability in XYHCMS Backend
XYHCMS is an open source CMS content management system. There is a code execution vulnerability in the background of XYHCMS, which can be exploited by an attacker to add malicious code in site.php, so that the attacker can gain access to the target terminal...
SQL injection vulnerability in the Ta***.cl***.php file in the backend of Dream CMS
Dream CMS short for "lmxcms" is an open source website management system cms with no license restrictions. A SQL injection vulnerability exists in the Ta.cl.php file in the background of Dream CMS. Attackers can use the vulnerability to obtain sensitive database information...
SQL Injection Vulnerability in the ca***.php file of Yunye CMS Backend
Yunye CMS is an enterprise website building system developed by Luoyang Yunye Information Technology Co. There is a SQL injection vulnerability in the background ca.php file of Yunye CMS. Attackers can use the vulnerability to obtain sensitive information in the database...
Code execution vulnerability in seacms backend (CNVD-2019-43688)
Ocean CMS seacms is a video-on-demand system based on PHP+MySql technology. There is a code execution vulnerability in the backend of seacms, which can be exploited by attackers to gain server privileges...
SQL injection vulnerability in the C***_fi*** parameter of aj***.php page in the background of S-CMS government website system.
S-CMS is a content management system CMS based on PHP and MySQL. There is a SQL injection vulnerability in the Cfi parameter of the aj.php page in the background of the S-CMS government website building system, which can be exploited by an attacker to obtain sensitive information from the databas...
S-CMS enterprise website building system backend C_da*** parameter exists SQL injection vulnerability
S-CMS enterprise station building system is Zibo Shining Network Technology Co., Ltd. developed a specialized enterprise station building solutions for the product. There is a SQL injection vulnerability in the Cda parameter in the background of S-CMS enterprise website building system. Attackers...
S-CMS enterprise website builder system backend P_br*** parameter exists SQL injection vulnerability
S-CMS enterprise station building system is Zibo Shining Network Technology Co., Ltd. developed a specialized enterprise station building solutions for the product. There is a SQL injection vulnerability in the Pbr parameter in the background of S-CMS enterprise website building system. Attackers...
Page code execution vulnerability in MLECMS backend s***_uc***r.php
MLECMS is a multilingual, free and open source content management system. A page code execution vulnerability exists in the MLECMS backend sucr.php. An attacker can exploit the vulnerability to write a webshell to a user-accessible php page to gain server control privileges...
Authentication Bypass Vulnerability in S-CMS Backend
S-CMS is a corporate website building system developed by Zibo Shining Network Technology Co. There is an authentication bypass vulnerability in the S-CMS backend and two sensitive files. The vulnerability is caused by the system's failure to accurately verify cookie information, and an attacker...