14 matches found
PT-2026-20264
Name of the Vulnerable Software and Affected Versions: jizhicms version 2.5.6. Description: The software contains a SQL Injection issue in the 'Article/deleteAll' and 'Extmolds/deleteAll' functionalities. The issue is triggered through the data parameter. Recommendations: Update to a newer version th...
CVE-2025-70397
jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter...
CVE-2025-70397
CVE-2025-70397 affects jizhicms 2.5.6. The vulnerability is a SQL Injection in two endpoints, Article/deleteAll and Extmolds/deleteAll, exploitable via the data parameter. Connected sources confirm the affected software and endpoints and mention a fix/update path in vendor advisories; no exploit ...
CVE-2025-70397
jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter...
CVE-2025-14012
A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotel...
CVE-2025-14012
In JIZHICMS up to version 2.5.5, the Batch Delete Comments component exposes an SQL injection through the file /index.php/admins/Comment/deleteAll.html via the functions deleteAll, findAll, and delete. The issue is triggered by manipulated input and can be exploited remotely. Public exploit infor...
CVE-2025-14012 JIZHICMS Batch Delete Comments deleteAll.html delete sql injection
A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotel...
CVE-2020-20290
Directory traversal vulnerability in the yccms 3.3 project. The delete, deletesite, and deleteAll functions' improper judgment of the request parameters triggers a directory traversal vulnerability...
yccms project path traversal vulnerability
YCCMS is a PHP-based lightweight CMS builder from the Yccms team. YCCMS 3.3 has a path traversal vulnerability, which stems from an error in the judgment of request parameters by the delete, deletesite, and deleteAll functions. No detailed vulnerability details are available...
GitLab: State filter in IssuableFinder allows attacker to delete all issues and merge requests
Vulnerability details: The state filter in the IssuableFinder class has the ability to filter issues and merge requests by state. This filter is implemented by calling public_send with unfiltered user input. This allows an attacker to call delete_all or destroy_all. Because the method is called befor...
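Woltlab Burning Board multiple input validation vulnerabilities
BUGTRAQ ID: 34057. WoltLab Burning Board is a customizable forum application. WoltLab Burning Board allows users to perform certain actions via HTTP requests without performing any validity checks; if a logged-in user visits a malicious web page, private messages can be moved to the recycle bin. The wcf/acp/dereferrer.php module of WoltLab Burning Board returns the url parameter to the user without validating the input, so a remote attacker can submit a malicious request that causes arbitrary HTML and script code to execute in the user's browser session. Woltlab Burning Board 3.0.x Vendor patch: Woltlab -------...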
CVE-2008-0471
Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action...
CVE-2008-0471
Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action...
CVE-2008-0471
Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action...