51 matches found
bycms cross-site scripting vulnerability
bycms is a simple, easy-to-use content management system. A cross-site scripting vulnerability exists in bycms v3.0.4, which originates from the title parameter in the edit function in Document.php...
CVE-2020-18184
In PluxXml V5.7, the theme edit function /PluXml/core/admin/parametresedittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template...
CVE-2017-2254
Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input...
Mao10CMS V3.3.0: two SQL injections (tested on the official site demo)
Brief description: two SQL injections in V3.3.0. Details: mao10 turned out to use an old version of the tp framework, and so the injection followed. 1 /Application/User/Controller/IndexController.class.php public function edit$id=false if!isnumeric$id $id = mcuserid; ; ifisnumeric$id ifmcuserid==$id ifmcremovehtml$POST'title','all' $title =...
Ecmall second-order SQL injection at one location, part 3
Although the anti-injection patch of 20140618 added anti-injection code, it can still barely be bypassed. In app/mygoods.app.php function edit $id = empty$GET'id' ? 0 : intval$GET'id'; if ! ISPOST $this-assign'goods', $this-getgoodsinfo$id; / Get categories /...
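Ecmall second-order SQL injection at one location, part 3
Brief description: 20140618 Details: Although the anti-injection patch of 20140618 added anti-injection code, it can still barely be bypassed. In app/mygoods.app.php function edit $id = empty$GET'id' ? 0 : intval$GET'id'; if !ISPOST $this-assign'goods', $this-getgoodsinfo$id; / Get product categories / $this-assign'mgcategories', $this-getmgcategoryoptions0; // First level of store categories $this-assign'sgcategories',...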
91736cms cookie injection vulnerability
Took another look at 91736; the earlier getip vulnerability has been patched. Vulnerable file: system/modules/member/index.php public function edit ifempty$COOKIE'memberuser'||empty$COOKIE'memberuserid' showmsgC"adminnotexist","index.php?m=member&f=login"; $userid=$COOKIE'memberuserid';...
ezyhelpdesk Multiple Sql inj
ezyhelpdesk Multiple Sql inj. Vuln. discovered by: r0t Date: 23 nov. 2005 Original advisory: http://pridels.blogspot.com/2005/11/ezyhelpdesk-multiple-sql-inj.html Vendor: http://www.ezyhelpdesk.com affected version: 1.0 and prior Software description: ezyhelpdesk is an instrumental piece of software...
[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability
itcp advisory 5 http://www.it-checkpoint.net/advisory/5.html March 21th, 2002 - phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability...