Lucene search
K

4 matches found

Code423n4
Code423n4
added 2022/12/23 12:0 a.m.12 views

Upgraded Q -> M from #4 [1671756144822]

Judge has assessed an item in Issue 4 as M risk. The relevant finding follows: GroupBuy: Insertion timestamp ignored The documentation states that "If the users have the same quantity as well, the bid that was placed later will have Raes removed.". However, with the current implementation, this i...

6.8AI score
Exploits0
seebug.org
seebug.org
added 2014/10/24 12:0 a.m.26 views

TinyRise 最新版注射获取敏感信息

简要描述: TinyRise 最新版注射获取敏感信息 详细说明: 主要问题出在filterclass.php: public static function text$str $config = HTMLPurifierConfig::createDefault; $cachedir=Tiny::getPath'cache'."/htmlpurifier/"; if!fileexists$cachedir File::mkdir$cachedir; $config = HTMLPurifierConfig::createDefault; //配置 缓存目录...

7AI score
Exploits0
myhack58
myhack58
added 2014/09/12 12:0 a.m.18 views

Ecmall several SQL injection vulnerability-vulnerability warning-the black bar safety net

Search, find/app/sellergroupbuy. app. php there are 6 injection: Are the files under the drop,start,finished,desc,cancel,logfunction in the id parameter To finished , for example: function finished $id = empty$GET'id' ? 0 : $GET'id';//id parameter is not filtered if !$ id...

1.1AI score
Exploits0
myhack58
myhack58
added 2013/05/03 12:0 a.m.19 views

The top-dimensional group buy navigation sql injection vulnerability analysis-vulnerability warning-the black bar safety net

Just opened, it is found that their number is blacklisted, the speed of the back posts, the tension?, the speed got a system to look at, okay, I admit I just looked under the array is not filtered directly submitted to the query statement, the vulnerability to ask in the userModule. class. php fi...

0.4AI score
Exploits0
Rows per page
Query Builder