63 matches found
Automad Code Injection Vulnerability
Automad is a flat file content management system and template engine by Marc Anton Dahmen, an individual developer. A code injection vulnerability exists in Automad 1.10.9 and earlier versions, which stems from a stored cross-site scripting XSS vulnerability in the parameter sitename of the file...
BoidCMS 安全漏洞
BoidCMS is a free open source flat file CMS for building simple websites and blogs, developed in PHP and using JSON as a database. A cross-site scripting vulnerability exists in BoidCMS version 2.0.1. The vulnerability stems from the application's lack of effective filtering and escaping of...
CVE-2023-34452
Grav is a flat-file content management system. In versions 1.7.42 and prior, the "/forgotpassword" page has a self-reflected cross-site scripting vulnerability that can be exploited by injecting a script into the "email" parameter of the request. While this vulnerability can potentially allow an...
CVE-2023-34251
Grav is a flat-file content management system. Versions prior to 1.7.42 are vulnerable to server side template injection. Remote code execution is possible by embedding malicious PHP code on the administrator screen by a user with page editing privileges. Version 1.7.42 contains a fix for this...
CVE-2023-34448 Grav Server-side Template Injection (SSTI) via Twig Default Filters
Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default filter function, did not block other built-in functions exposed by Twig's Core Extension that could be used to invoke...
Code injection
Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, Kirby is subject to user enumeration due to Improper Restriction of Excessive Authentication Attempts. This vulnerability affects you only if you are using the code or password-reset auth method with the...
automad 跨站脚本漏洞
automad is a flat file content management system and template engine. automad version 1.10.9 and prior versions contain a cross-site scripting vulnerability that can be exploited by attackers to cause cross-site scripting attacks...
Statamic 代码注入漏洞
Statamic is a powerful flat file Cms built on Laravel by Statamic, Inc. for storing all content, templates, assets, and settings in files instead of a database. Statamic suffers from a code injection vulnerability that arises from a network system or product not properly filtering specific elemen...
XSS vulnerability in bludit-cms
bludit-cms is a flat file content management system. An XSS vulnerability exists in bludit-cms, which can be exploited by an attacker to obtain sensitive information such as user cookies...
Typesetter 跨站脚本漏洞
Typesetter is an open source CMS written in PHP with True WYSIWYG editing and flat file storage. Typesetter suffers from a cross-site scripting vulnerability. The vulnerability can be exploited to conduct cross-site scripting attacks via the className and Description fields in...
Grav CMS 1.7.10 - Code Execution Vulnerabilities
In the lineage of most recent flat-file PHP CMS, Grav CMS is a modern web platform to build fast, safe and extensible websites. It uses a modern technology stack with Twig, Symfony and Doctrine, and offers an administration dashboard that allows managing the whole website structure, pages, static...
note-mark
Note Mark !License: AGPL V3https://img.shields.io/github/li...
WonderCMS 跨站脚本漏洞
WonderCMS is an open source, fast, small and simple flat file cms. A cross-site scripting vulnerability exists in the "Page Description" component of WonderCMS 3.1.3. An attacker can exploit this vulnerability to steal cookies...
WonderCMS HTTP Host Header Injection Vulnerability
WonderCMS is an open source, fast, small and simple flat file cms. WonderCMS 2.3.1 suffers from an HTTP host header injection vulnerability. An attacker can exploit the vulnerability to redirect pages...
Grimbb 1.3 Hash Disclosure Vulnerability
Exploit for php platform in category web applications Grimbb V1.3 User and Password Hash Disclosure ============================================== Discovered by NA, NAattutanota.com ======================================= Description ============ A PHP 4 Open Source Flat File Based Bulletin Board...
AjaxExplorer 1.10.3.2 - Multiple Vulnerabilities
Exploit for php platform in category web applications + Credits: hyp3rlinx + ISR: apparitionsec Vendor: ========== sourceforge.net smsid download linx: sourceforge.net/projects/ajax-explorer/files/ Product: ======================= AjaxExplorer v1.10.3.2 Manage server files through simple windows...
Feindura File Manager 1.0(rc) - Remote File Upload
No description provided by source. =================================================== Feindura File Manager 1.0rc - Remote File Upload =================================================== My + Author : KnocKout Contact : [email protected] Software info Web App. : Feindura - Flat File Content...
gpEasy CMS - XSS Vulnerability
gpEasy CMS, http://www.gpeasy.com/ Easy to use True WYSIWYG Editing. Flat-file data storage and advanced resource management for fast websites. 1=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /'...
PHP Flat File Guestbook Remote File Inclusion Vulnerability
Exploit for php platform in category web applications Exploit Title: Rfi PHP Flat File Guestbook Date: 11-08-2011 Author: RiRes Walid Vendor or Software Link: http://www.advancebydesign.com Version: 1.0 Google dork: Tested on: Xp sp2 ------------------------------------------------------------...
PHP Flat File Guestbook 1.0 - ffgb_admin.php Remote File Inclusion
PHP Flat File Guestbook 1.0 - ffgbadmin.php Remote File Inclusion source: https://www.securityfocus.com/bid/49138/info PHP Flat File Guestbook is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker...