2 matches found
JVN#17645965: PowerCMS XMLRPC API vulnerable to OS command injection
The PowerCMS XMLRPC API provided by Alfasado Inc. contains an OS command injection vulnerability (CWE-78). Impact: An arbitrary OS command may be executed by a remote attacker. Solution: If the XMLRPC API is not used: if running as CGI/FCGI, delete mt-xmlrpc.cgi or remove execute permission to...
JVN#68340046: intra-mart vulnerable to open redirect
intra-mart is a software framework for creating web applications. intra-mart contains an open redirect vulnerability. Impact: When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution: Apply t...