16 matches found
EUVD-2020-11208
Malware in sbrugna...
CVE-2020-19303
An arbitrary file upload vulnerability in /fileupload.php of hdcms 5.7 allows attackers to execute arbitrary code via a crafted file...
CVE-2020-19303
An arbitrary file upload vulnerability in /fileupload.php of hdcms 5.7 allows attackers to execute arbitrary code via a crafted file...
CVE-2020-19303
An arbitrary file upload vulnerability in /fileupload.php of hdcms 5.7 allows attackers to execute arbitrary code via a crafted file...
CVE-2020-19303
An arbitrary file upload vulnerability in /fileupload.php of hdcms 5.7 allows attackers to execute arbitrary code via a crafted file...
CVE-2020-19303
CVE-2020-19303 affects hdcms 5.7, where the vulnerability resides in the /fileupload.php endpoint. An attacker can upload a crafted file, triggering arbitrary code execution on the server. The CVE is documented across multiple sources (NVD, Red Hat, CVE listings, and related advisories) with expl...
hdcms Code Issue Vulnerability
hdcms is a multi-platform application system (PC, WAP, WeChat official account, WeChat mini program) built on the Laravel framework. A security vulnerability exists in hdcms 5.7, which can be exploited by an attacker to execute arbitrary code via a crafted file...
Command Execution Vulnerability in HDCMS v2.0
HDCMS is a content management system software package developed in PHP+Mysql. It provides customers with powerful and complete functionality to accomplish rapid website development. A command execution vulnerability exists in HDCMS v2.0, which can be exploited by an attacker to gain control of a...
SQL Injection Vulnerability in HDCMS v2.0 siteId Function
HDCMS is a content management system software package developed in PHP+Mysql. It provides customers with powerful and complete functionality to accomplish rapid website development. A SQL injection vulnerability exists in the HDCMS v2.0 siteId function, which can be exploited by remote attackers ...
HDCMS v2.0 suffers from SQL injection vulnerability (CNVD-2018-24676)
HDCMS is a content management system software package developed in PHP+Mysql. It provides customers with powerful and complete functionality to accomplish rapid website development. HDCMS v2.0 suffers from a SQL injection vulnerability, which can be exploited by remote attackers to obtain sensiti...
Directory Traversal Vulnerability in HDCMS v2.0
HDCMS is a content management system software package developed in PHP+Mysql. It provides customers with powerful and complete functionality to accomplish rapid website development. A directory traversal vulnerability exists in HDCMS v2.0. An attacker can exploit this vulnerability to obtain...
SQL Injection Vulnerability in HDCMS v2.0
HDCMS is a content management system software package developed in PHP+Mysql. It provides customers with powerful and complete functionality to accomplish rapid website development. HDCMS v2.0 version has a SQL injection vulnerability, which can be exploited by remote attackers to obtain sensitiv...
SQL Injection Vulnerability in hdcms v1.2 System
HDCMS is a content management system package written in PHP, using a MySQL database, that provides powerful, complete functionality for rapid website development. HDCMS version 1.2 has a SQL injection vulnerability; remote attackers can exploit the vulnerability to obtain...
Hdcms framework foreground wd parameter has SQL injection vulnerability
HDCMS is a content management system package written in PHP. A SQL injection vulnerability exists in the frontend wd parameter of the hdcms framework, due to the program failing to adequately filter the wd parameter and only doing the corresponding code audit on the source code. An attacker is...
SQL Injection Vulnerability in hdcms Framework rname Parameter
HDCMS is a content management system package written in PHP. A SQL injection vulnerability exists in the rname parameter of the hdcms framework, as the program fails to adequately filter the rname parameter and only does corresponding code auditing on the source code. An attacker is allowed to...
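HDCMS Content Management System spacecontroller.class.php username Parameter SQL Injection Vulnerability
0x01 Vulnerability Overview: The HDCMS content management system has a SQL injection vulnerability in the username parameter in the file spacecontroller.class.php. 0x02 Vulnerability Details: member/controller/spacecontroller.class.php public function init() { // username if ($username = Q('username')) { $uid = M('user')->where("username='$username'")->getField('uid'); go(U("index", array('uid' => $uid))); } $this->uid = Q('uid', 0, 'intval...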