9 matches found
EUVD-2009-3778
Malware in sbrugna...
DEDECMS 5.1 /plus/feedback_js.php SQL injection vulnerability
No description provided by source...
Dedecms 5.1 story_add_content_action.php file upload vulnerability
No description provided by source...
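织梦 (Dedecms) 5.1 feedback_js.php injection vulnerability
Likewise exploitable when magic_quotes_gpc=off. This vulnerability can expose the back-end administrator's account and encrypted hash. The vulnerable file is plus/feedback_js.php, and the unfiltered parameter is $arcurl ...... $urlindex = 0; if(empty($arcID)) { $row = $dlist->dsql->GetOne("Select id From `#@__cache_feedbackurl` where url='$arcurl' "); /* $arcurl is not filtered here */ if(is_array($row)) $urlindex = $row['id'];...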
SQL injection
SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter...
CVE-2009-3806
SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter...
CVE-2009-3806
CVE-2009-3806 describes an SQL injection in DedeCMS 5.1, specifically in feedback_js.php where the arcurl parameter can be manipulated to execute arbitrary SQL commands. The issue is exploitable remotely and can impact confidentiality, integrity, and availability according to the provided metrics...
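织梦 (DEDECMS) 5.1 plus/feedback_js.php has an injection vulnerability
Exploitable when magic_quotes_gpc=off. This vulnerability can expose the back-end administrator's account and encrypted hash. The vulnerable file is plus/feedback_js.php, and the unfiltered parameter is $arcurl ...... $urlindex = 0; if(empty($arcID)) { $row = $dlist->dsql->GetOne("Select id From `#@__cache_feedbackurl` where url='$arcurl' "); /* $arcurl is not filtered here */ if(is_array($row)) $urlindex = $row['id'];...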
DedeCMS 5.1 SQL Injection
No description provided by source. Securitylab.ir Application Info: Name: DEDECMS Version: 5.1 Discovered By: Securitylab.ir Website: http://securitylab.ir Contacts: adminatsecuritylab.ir & info@securitylabdotir Vulnerability Info: Type: SQL Injection Vulnerability Risk: Medium...