13 matches found
CVE-2020-37186
Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database table prefix parameter to write a PHP shell file and execute arbitrary system commands through a...
CVE-2020-37186
CVE-2020-37186 affects Chevereto 3.13.4 Core. The vulnerability arises in the database configuration installation where the database table prefix parameter can be manipulated to write a PHP shell file and execute arbitrary system commands via a crafted POST request. Impact is high: remote code ex...
EUVD-2008-1918
Malware in sbrugna...
SUSE CVE-2015-9230
In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter...
WordPress BulletProof Security Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation, which supports setting up personal blog sites on PHP and MySQL servers. BulletProof Security is one of the security plug-ins against brute-force cracking. A cross-site scripting vulnerability exists in the...
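ThinkSNS: an operation leaks the database table prefix
Brief description: A ThinkSNS submission endpoint directly returns the executed SQL statement, from which the database table prefix can be obtained (low impact). Details: http://demo.thinksns.com/t3/index.php?app=public&mod=Account&act=doSaveProfile is the endpoint used by the tag settings and basic information pages under personal settings. Every time data is submitted to it, the DB-layer SQL statement is returned in the response, revealing the site's table prefix. Proof of vulnerability: http://demo.thinksns.com/t3/index.php?app=public&mod=Account&act=doSaveProfile...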
An underhanded way to exploit a dedecms variable-overwrite vulnerability - vulnerability warning - the black bar safety net
The most recent dedecms variable-overwrite vulnerability ultimately allows control of global variables, but not complete control: $GLOBALS$v1 .= $v2; Note that this is an append: the content is appended to the content of an already initialized global variable. It has now been disclosed the exploit...
MyHobbySite 1.01 SQL Injection / Authentication Bypass Vulnerability
Exploit for php platform in category web applications ==================================================================== MyHobbySite 1.01 SQL Injection / Authentication Bypass Vulnerability ==================================================================== Exploit Title: MyHobbySite 1.01 SQL...
CVE-2008-7186
Coppermine Photo Gallery CPG 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504...
CVE-2008-1918
SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submitinfo parameter in a link submission action. NOTE: it was later...
FreeBSD : wordpress -- XMLRPC SQL Injection (0838733d-1698-11dc-a197-0011098b2f36)
Secunia reports: Slappter has discovered a vulnerability in WordPress, which can be exploited by malicious users to conduct SQL injection attacks. Input passed to the 'wp.suggestCategories' method in xmlrpc.php is not properly sanitised before being used in SQL queries. This can be exploited to...
wordpress -- XMLRPC SQL Injection
Secunia reports: Slappter has discovered a vulnerability in WordPress, which can be exploited by malicious users to conduct SQL injection attacks. Input passed to the "wp.suggestCategories" method in xmlrpc.php is not properly sanitised before being used in SQL queries. This can be exploited to...
MyBB 1.0.2 Sniffing table prefix bug in search.php
--------------------Summary---------------- Software: mybb Software's Web Site: http://mybboard.com Versions: 1.0.2 Class: Remote Status: Unpatched Exploit: Available Solution: Not Available Discovered by: imei Risk: low -----------------Description--------------- mybb has a security bug that...