295 matches found
Scilico I, Librarian server-side request forgery vulnerability (CNVD-2018-06447)
Scilico I, Librarian is an online PDF document management system from the United States company Scilico. A security vulnerability exists in the 'url' parameter of getFromWeb in the functions.php file in Scilico I, Librarian 4.8 and earlier versions. An attacker can exploit this vulnerability to...
Server-side request forgery (SSRF)
I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources...
CVE-2018-1000138
CVE-2018-1000138 affects Librarian (I, Librarian) 4.8 and earlier. The vulnerability is a server-side request forgery (SSRF) in the URL parameter of getFromWeb in functions.php, enabling an attacker to abuse server functionality to read or update internal resources. The available connected record...
Design/Logic Flaw
wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file...
CVE-2017-17092
CVE-2017-14766
The Simple Student Result plugin before 1.6.4 for WordPress has an Authentication Bypass vulnerability because the fn_ssr_add_st_submit function and fn_ssr_del_st_submit function in functions.php only require knowing the student id number...
CVE-2017-14766
The CVE-2017-14766 issue affects the WordPress Simple Student Result plugin before 1.6.4. It is an Authentication Bypass caused by fn_ssr_add_st_submit() and fn_ssr_del_st_submit() in functions.php that only require a student id number to perform actions, enabling updates or deletions of student ...
CVE-2017-5493
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup...
CVE-2017-5493
WordPress functions.php theme file Backdoor vulnerability
No description provided by source...
CVE-2015-4454
SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php...
Easy2Map Photos <= 1.0.9 - SQL Injection
The code in Functions.php is vulnerable to SQL Injection because it does not parameterise or sanitise user input. PoC: sqlmap -u 'http://www.example.com/wp-admin/admin-ajax.php' --data="mapID=11='+or+1%3D%3D1%3B=e2mimgsavemapname" --cookie=COOKIEHERE --level=5 --risk=3...
MyBB 1.6.x < 1.6.11 Multiple Vulnerabilities
Empirebak /class/functions.php code execution vulnerability
No description provided by source...
SQL injection
Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) password, (2) email, or (3) id parameter...