Lucene search
K

137 matches found

Cvelist
Cvelist
added 2024/01/12 8:27 p.m.21 views

CVE-2023-51698 Atril's CBT comic book parsing vulnerable to Remote Code Execution

Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CB...

9.6CVSS9.6AI score0.0234EPSS
Exploits2References4
OSV
OSV
added 2023/06/14 7:15 a.m.5 views

CVE-2023-3235

A vulnerability was found in mccms up to 2.6.5. It has been rated as critical. Affected by this issue is the function picapi of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploi...

8.8CVSS5.5AI score0.00701EPSS
Exploits1References3
Openbugbounty
Openbugbounty
added 2023/02/11 12:33 p.m.19 views

taiwan-comic-city.taicca.tw Cross Site Scripting vulnerability OBB-3190460

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
OSV
OSV
added 2022/12/05 5:15 p.m.3 views

CVE-2022-3856

The Comic Book Management System WordPress plugin before 2.2.0 does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin...

7.2CVSS5.8AI score0.00964EPSS
Exploits2References2
CVE
CVE
added 2022/12/05 4:50 p.m.56 views

CVE-2022-3856

Summary: CVE-2022-3856 affects the WordPress plugin “Comic Book Management System” prior to version 2.2.0. The issue is a SQL injection caused by not sanitizing/escaping a parameter before it is used in a SQL statement, enabling exploitation by users with a role as low as Admin (no user interacti...

7.2CVSS7.2AI score0.00964EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/05 4:50 p.m.3 views

CVE-2022-3856 Comic Book Management System < 2.2.0 - Admin+ SQLi

The Comic Book Management System WordPress plugin before 2.2.0 does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin...

7.5AI score0.00964EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/12/05 12:0 a.m.2 views

WordPress plugin Comic Book Management System SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...

7.2CVSS7.2AI score0.00964EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2022/12/05 12:0 a.m.4 views

PT-2022-24455 · WordPress · Comic Book Management System

Name of the Vulnerable Software and Affected Versions: The Comic Book Management System WordPress plugin versions prior to 2.2.0 Description: The issue is related to a SQL injection that occurs because a parameter is not properly sanitized and escaped before being used in a SQL statement. This ca...

7.2CVSS7.1AI score0.00964EPSS
Exploits2References6
wpexploit
wpexploit
added 2022/11/14 12:0 a.m.621 views

Comic Book Management System < 2.2.0 - Admin+ SQLi

The plugin does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. https://example.com/wp-admin/admin.php?page=cbmsweeklypicksadmin&action=updatepicks&id=1+AND+SELECT+7741+FROM+SELECTSLEEP3hlAf POST...

7.2CVSS0.4AI score0.00964EPSS
Exploits2References1
Openbugbounty
Openbugbounty
added 2022/10/07 3:59 a.m.12 views

merrickcomic.co.uk Cross Site Scripting vulnerability OBB-2981007

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits0
Openbugbounty
Openbugbounty
added 2022/07/12 9:36 a.m.11 views

wisconsincomicconvention.com Cross Site Scripting vulnerability OBB-2762919

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Trellix
Trellix
added 2022/07/06 12:0 a.m.55 views

The Bug Report – June 2022 Edition

The Bug Report – June 2022 Edition By Trellix · July 6, 2022 This story was also written by Sam Quinn. Your Cybersecurity Comic Relief Why am I here? Why do all the most critical vulnerabilities always have to come out on holidays? Just like clockwork, CVE-2022-26134 came out over the U.S.’...

9.8CVSS9.6AI score0.99999EPSS
Exploits140
CNNVD
CNNVD
added 2022/03/27 12:0 a.m.4 views

xiaohuanxiong CMS SQL注入漏洞

xiaohuanxiong is an open source comic CMS by guoguo individual developers. xiaohuanxiong version 1.0 is vulnerable to SQL injection, which originates from the id parameter in /app/controller/Books.php. No detailed vulnerability details are available...

9.8CVSS5.8AI score0.00941EPSS
Exploits1References3
Fedora
Fedora
added 2022/03/26 3:34 p.m.18 views

[SECURITY] Fedora 36 Update: python-PyMuPDF-1.19.5-2.fc36

This is PyMuPDF, a Python binding for MuPDF - a lightweight PDF and XPS viewer. MuPDF can access files in PDF, XPS, OpenXPS, epub, comic and fiction book formats, and it is known for its top performance and high rendering quality. With PyMuPDF you therefore can also access files with extensions...

7.3AI score
Exploits0
CNVD
CNVD
added 2022/03/25 12:0 a.m.20 views

xiaohuanxiong CMS cross-site request forgery vulnerability

xiaohuanxiong CMS is a comic book CMS. xiaohuanxiong CMS version 5.0.17 is vulnerable to cross-site request forgery, which stems from a WEB application that does not sufficiently validate that the request is from a trusted user. An attacker could use this vulnerability to modify the password of t...

4.3CVSS6.3AI score0.00405EPSS
Exploits1Affected Software1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.12 views

Mageia: Security Advisory (MGASA-2017-0244)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.7AI score0.50826EPSS
Exploits9References4
Schneier on Security
Schneier on Security
added 2021/12/10 10:5 p.m.16 views

Friday Squid Blogging: The Far Side Squid Comic

The Far Side is always good for a squid reference. Heres a recent one. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
CNVD
CNVD
added 2021/07/07 12:0 a.m.12 views

Mccms has a file upload vulnerability

Mccms is a comic + novel system developed using the Ci framework as its core. Mccms has a file upload vulnerability that can be exploited by attackers to gain control of the server...

7.4AI score
Exploits0
CNVD
CNVD
added 2021/07/06 12:0 a.m.8 views

Arbitrary File Deletion Vulnerability in Man City CMS

Man City CMS program is a complete and powerful rapid site building system developed with the core of CI framework and running in PHP MYSQL environment. ManCity CMS has an arbitrary file deletion vulnerability, which can be exploited by attackers to delete files arbitrarily...

7.2AI score
Exploits0
CNVD
CNVD
added 2021/07/04 12:0 a.m.5 views

Mccms has a flawed logic vulnerability

Mccms is a comic + novel system developed using the Ci framework as its core. Mccms has a logic flaw vulnerability that can be exploited by attackers to modify the payment amount...

7AI score
Exploits0
Rows per page
Query Builder