60 matches found
EUVD-2022-2531
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-2041
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparin...
Unspecified vulnerability in baijiacms
baijiacms is a content management system (CMS) for e-commerce. A security vulnerability exists in the baijiacms version, which stems from a Remote Code Execution (RCE) vulnerability in includes/baijiacms/common.inc.php. No details of the vulnerability are available at this time...
CVE-2022-45942
A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijiacms v4...
PT-2022-27696 · Baijiacms · Baijiacms
Name of the Vulnerable Software and Affected Versions: baijiacms version v4. Description: A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php. Recommendations: For baijiacms version v4, consider restricting access to the includes/baijiacms/common.inc.php file...
GHSA-5868-G58J-VRJ5 phpMyAdmin Improper Privilege Management
An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no...
phpMyAdmin Improper Privilege Management
An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no...
CVE-2018-19836
In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such ...
Remote code execution
Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php...
Mastery oa 2015 \inc\common.inc.php approve_finish function injection vulnerability
Encountered recently on a system during a public test. The 2015 version, latest update date: 2016-07-22. Injection analysis: \inc\common.inc.php: <?php function SecureRequest(&$var) { if (is_array($var)) { foreach ($var as $k => $v) $var[$k] = securerequest($v); } else if (0 < strlen($var) &&...
Metinfo5.3.1 admin/include/common.inc.php SQL Injection
No description provided by source...
CVE-2016-2041
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences...
MetInfo 5.2 /admin/include/common.inc.php code execution vulnerability
/admin/include/common.inc.php: if(!is_array($met_langadmin[$_GET[langset]])&&$_GET[langset]!='')die('not have this language'); if($_GET[langset]!=''){ $_GET[langset]=daddslashes($_GET[langset],0,1); change_met_cookie('languser',$_GET[langset]); save_met_cookie(); $_M['user']['cookie'] = $met_cookie; $metinfo_admin_name =...
CVE-2014-9218
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service resource consumption via a long password...
DedeEIMS /include/common.inc.php login bypass vulnerability
No description provided by source...
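Destoon SQL injection vulnerability affecting all of the latest versions
Brief description: Destoon injection vulnerability affecting all of the latest versions. Details: /common.inc.php, line 64: ------------------------------------------------------------------------------------- if($_POST) $_POST = strip_sql($_POST); // strip_sql filtering if($_GET) $_GET = strip_sql($_GET); if($_COOKIE) $_COOKIE = strip_sql($_COOKIE); ......... if($_POST) extract($_POST, EXTR_SKIP); // register variables...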
dedecms local file inclusion and Lilu-path leaked 0day-vulnerability warning-the black bar safety net
Dinner eating support, scan the following code digestion digestion. Recently Php0day group where the brothers are in the discussion of the dede hole more quickly under a jacket, with editplus search for a few keywords, and sure enough found some problems. Saying usually write code also like to us...
PHPCMS 2008 /yp/web/include/common.inc.php command execution vulnerability
No description provided by source...