4 matches found
PT-2019-14893 · Fusionpbx · Fusionpbx
Name of the Vulnerable Software and Affected Versions: FusionPBX versions up to 4.5.7. Description: The issue concerns the use of an unsanitized query string variable in the file appcontactscontact edit.php, which is reflected in HTML and leads to a cross-site scripting (XSS) issue. This occurs when...
Panmicro e-cology v8 SQL Injection Vulnerability
The Panmicro collaborative management application platform e-cology is a collaborative business platform. A SQL injection vulnerability exists in the id parameter of the Panmicro e-cology oa system/hrm/resource/HrmResourceContactEdit.jsp page, which allows an attacker to elevate the privileges...
U-Mail SQL Injection Vulnerability in One Location
Brief description: U-Mail SQL injection. U-Mail has updated its files and the other vulnerabilities have been patched, but one location remains unpatched. Detailed description: oconcat.php: if ACTION == "contact-edit" $contactid = gss $GET'id' ; $grouplist = explode ",", trim $POST'grouplist' ; $groupchange = gss $POST'groupchange' ; if !$contactid && !checkpost dumpjson array "status" = 0, "message" =...
Splendid CRM Cross Site Scripting
Description: Splendid CRM Software, Inc. open source CRM. Vendor: http://demo.splendidcrm.com/ Author: provensec. Type: stored XSS. Exploit: 1. Go to the contact edit page, for example http://demo.splendidcrm.com/Contacts/edit.aspx?ID=cb4bb68f-0233-41b3-87cb-2c6469a29f16 2. Edit the first name field wit...