4 matches found
portfolioCMS Race Condition Vulnerability
PortfolioCMS is a Bootstrap portfolio website with an admin panel. A race condition vulnerability exists in portfolioCMS version 1.0.0. A remote attacker can exploit this vulnerability to execute arbitrary code via the fileExt parameter of localhost/admin/uploads.php...
PT-2023-12283 · Unknown · Portfoliocms
Name of the Vulnerable Software and Affected Versions: portfolioCMS version 1.0 Description: A race condition issue allows remote attackers to execute arbitrary code by exploiting the fileExt parameter in the localhost/admin/uploads.php API endpoint. Recommendations: For portfolioCMS version 1.0,...
CVE-2019-13493
In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript...
Sitecore 9.0 rev 171002 - Persistent Cross-Site Scripting
Exploit Title: Stored Cross Site Scripting XSS in Sitecore 9.0 rev 171002 Date: July 11, 2019 Exploit Author: Owais Mehtab Vendor Homepage: http://www.sitecore.net/en Version: 9.0 rev. 171002 Tested on: Sitecore Experience Platform 8.1 Update-3 i.e.; 8.1 rev. 160519 CVE : CVE-2019-13493 Vendor...