GHSA-XJ9J-GJXG-7JVQ REDAXO CMS is vulnerable to RCE attack through its template management component
A Remote Code Execution (RCE) vulnerability in the template management component of REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages...
LogicalDOC Community Edition Code Injection Vulnerability
LogicalDOC Community Edition is a documentation system from the Italian company LogicalDOC. A code injection vulnerability exists in LogicalDOC Community Edition 9.2.1 and earlier versions, which arises from incorrect manipulation of the parameters First Name/Last Name/Company/Address/Phone/Mobil...
CVE-2024-50810
hopetree izone lts c011b48 contains a Cross-Site Scripting (XSS) vulnerability in the article comment function. In \apps\comment\views.py, AddCommintView does not securely filter user input and renders it directly into the frontend page through templates...
Popup Anything < 2.1.7 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting issue. PoC: On a post/page where the paocdetails display="keyxxx" shortcode is embedded, append the following payload: ?xxx=11111%3Cscript%3Ealert/XSS/%3C/script%3E...
jQuery Reply to Comment <= 1.31 - CSRF to Stored Cross-Site Scripting
The plugin does not have any CSRF check when saving its settings, nor does it sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue. PoC: Put the following payload in the 'Quote String' or 'Reply String' setting...
SQL Injection Vulnerability in Shield Spirit Commodity Promotion System Frontend re***.php Page
The Shield Spirit commodity promotion system can be used with multiple types of WeChat official accounts ("public numbers"): personal or enterprise subscription accounts and service accounts are all supported, and it integrates easily with all kinds of official accounts; once the relevant WeChat official account interfaces are configured it comes into effe...
SQL injection vulnerability in the frontend Ti***_ne***.aspx page of Qixing Trouble Repair System
Qixing Fault Reporting System is an ASP.NET-based platform that helps organizations report faults. A SQL injection vulnerability exists in the frontend Tine.aspx page of the Qixing Fault Reporting System, which attackers can exploit to obtain sensitive information from the...
SQL Injection Vulnerability in Heybbs Frontend us***.php Page
Heybbs micro-community is a micro-community program whose front end is built on bootstrap + jq + css and whose back end is developed in php + mysql. The Heybbs frontend us.php page has a SQL injection vulnerability; an attacker can exploit it to obtain sensitive database information...
74cms 4.2.26 SQL Injection Vulnerability in Frontend Co***.php Page
Knight Talent System (74cms) is a free, open source professional recruitment system developed on a PHP + MYSQL core. A SQL injection vulnerability exists in the frontend Co.php page of 74cms 4.2.26. An attacker can exploit the vulnerability to obtain sensitive information from the...
XSS vulnerability in PopojiCMS frontend co***.php page
PopojiCMS is an open source content management system (CMS) based on the Popoji framework. The PopojiCMS frontend co.php page has an XSS vulnerability that attackers can exploit to inject arbitrary web script or HTML...
SQL injection vulnerability in yiqicms frontend pr***.php file
Yiqicms is an SEO-oriented marketing website system for enterprises, built as an open source system on PHP + Mysql. A SQL injection vulnerability exists in the frontend pr.php file of yiqicms. Attackers can use this vulnerability to obtain sensitive information...
XSS vulnerability in the frontend co***.php page of SemCms foreign trade website management system (PHP version)
SemCms is an open source website management system for foreign trade enterprises, compatible with IE, Firefox, google, 360 and other mainstream browsers. The frontend co.php page of the SemCms foreign trade website management system (PHP version) has an XSS...
WMCMS V4.250.513 SQL Injection Vulnerability in Frontend pa***.php Page
WMCMS is a free, open source professional Chinese labeling system developed on a PHP + MYSQL core. A SQL injection vulnerability exists in the frontend pa.php page of WMCMS V4.250.513, which attackers can exploit to obtain sensitive database information...
WMCMS V4.250.513 SQL Injection Vulnerability in Frontend ca***.php Page
WMCMS is a free, open source professional Chinese labeling system developed on a PHP + MYSQL core. A SQL injection vulnerability exists in the frontend ca.php page of WMCMS V4.250.513, which attackers can exploit to obtain sensitive database information...
Ctcms frontend cs***.php page has SQL injection vulnerability
Ctcms is a fast website building system that runs in a PHP+MYSQL environment. A SQL injection vulnerability exists in the Ctcms frontend cs.php page. An attacker can exploit the vulnerability to obtain sensitive database information...
SQL Injection Vulnerability in the Frontend Po***.aspx Page of eDoc Electronic Document Library
eDoc electronic document library is a click document management system developed by Anhui Qixing Studio. The eDoc frontend Po.aspx page has a SQL injection vulnerability; an attacker can exploit it to obtain sensitive information from the database...
SQL Injection Vulnerability in the Frontend Do***.aspx Page of eDoc Electronic Document Library
eDoc electronic document library is a click document management system developed by Anhui Qixing Studio. The eDoc frontend Do.aspx page has a SQL injection vulnerability; an attacker can exploit it to obtain sensitive database information...
SQL injection vulnerability in the frontend sl***.aspx page of Qixing Bidding System Bid (CNVD-2019-06238)
Qixing Bidding System Bid is a system suitable for enterprises to collect information on bidding information of government procurement, engineering construction, land grant, etc., and to track the progress of works and payment of successful projects. A SQL injection vulnerability exists in the...