EUVD-2018-2298

Malware in sbrugna...

idreamsoft iCMS Cross-Site Request Forgery Vulnerability (CNVD-2018-09388)

idreamsoft iCMS is an open source content management system CMS based on PHP and MySQL. A cross-site request forgery vulnerability exists in idreamsoft iCMS version 7.0. A remote attacker can add Column with the help of /admincp.php?app=articlecategory&do=save&frame=iPHP to exploit the...

XDcms Sql Injection 29-50

简要描述： Sql Injection 详细说明： 注入在XDCMS企业管理系统后台的栏目添加处，\system\modules\xdcms\category.php文件： 管理员在添加栏目和编辑栏目的时候会分别调用addsave和editsave函数，三个注入点就出现在这两个函数里： addsave函数,11个注入点： public function addsave $config=base::loadcache"cachesetconfig","config"; $catname=safehtml$POST'catname';//注入点1，大写可绕过...