52 matches found
Cross site scripting
Ilch 2.1.22 allows stored XSS via the title, text, or email id to the Jobs Tab...
CVE-2019-17046
Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page...
CVE-2019-17046
CVE-2019-17046 affects Ilch 2.1.22. The vulnerability arises because PHP is listed under “Allowed files” on the index.php/admin/media/settings/index page, enabling remote code execution. The issue is documented across multiple feeds (NVD, Red Hat, CNVD, osv.dev, CVE listings) as a remote code exe...
CVE-2019-17045
The CVE-2019-17045 entry concerns Ilch CMS 2.1.22 with a stored XSS in the Jobs Tab, exploitable via the title, text, or email id fields. Root cause cited by CNVD-2019-42862 is lack of proper validation of client-side data. Consequences include execution of client-side code in authenticated conte...
CVE-2019-17045
Ilch 2.1.22 allows stored XSS via the title, text, or email id to the Jobs Tab...
Ilch CMS Cross-Site Request Forgery Vulnerability
Ilch CMS is a Content Management System CMS developed by the Ilch team in Germany, which eliminates the need for users to understand programming languages, modules, design, etc. by providing a simple and scalable base system. A cross-site request forgery vulnerability exists in Ilch CMS. A remote...
CVE-2015-2083
Cross-site request forgery CSRF vulnerability in Ilch CMS allows remote attackers to hijack the authentication of administrators for requests that add a value to a profile field via a profilefields request to admin.php...
CVE-2015-2083
Cross-site request forgery CSRF vulnerability in Ilch CMS allows remote attackers to hijack the authentication of administrators for requests that add a value to a profile field via a profilefields request to admin.php...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Ilch CMS allows remote attackers to hijack the authentication of administrators for requests that add a value to a profile field via a profilefields request to admin.php...
CVE-2015-2083
Cross-site request forgery CSRF vulnerability in Ilch CMS allows remote attackers to hijack the authentication of administrators for requests that add a value to a profile field via a profilefields request to admin.php...
CVE-2015-2083
CVE-2015-2083 describes a Cross-site Request Forgery (CSRF) in Ilch CMS. An attacker can exploit requests to admin.php with a profilefields action to add a value to a profile field, potentially hijacking an administrator’s session/authentication. The vulnerability is documented across multiple so...
Ilch CMS Cross Site Request Forgery
Affected software: Ilch cms Type of vulnerability: csrf URL: http://www.ilch.de/ Discovered by: Provensec Website: http://www.provensec.com Description: Ilch cms profile field csrf Proof of concept http://demo.opensourcecms.com/ilch/admin.php?profilefields online demo Above field was vulnerable t...
ilchClan 1.0.5 (regist.php) SQL Injection Vulnerabiility
No description provided by source. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- / \ \ \ \ | | | / / / // |/ | ' \ \ \ // / | | | | | | / / / |||| || \ \ Security Flaw in ilch clan 1.0.5 a,b,c,d,e,f! in regist.php /...
Ilch CMS 2.0 - Persistent XSS Vulnerability
No description provided by source...
Ilch CMS 1.1 'HTTP_X_FORWARDED_FOR' SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/33665/info Ilch CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
Cross-Site Scripting (XSS) in Ilch CMS
Advisory ID: HTB23203 Product: Ilch CMS Vendor: http://ilch.de Vulnerable Versions: 2.0 and probably prior Tested Version: 2.0 Advisory Publication: February 12, 2014 without technical details Vendor Notification: February 12, 2014 Public Disclosure: March 5, 2014 Vulnerability Type: Cross-Site...
CVE-2014-1944
Cross-site scripting XSS vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to index.php/guestbook/index/newentry...
Cross site scripting
Cross-site scripting XSS vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to index.php/guestbook/index/newentry...
CVE-2014-1944
Cross-site scripting XSS vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to index.php/guestbook/index/newentry...
CVE-2014-1944
CVE-2014-1944 describes a Cross-Site Scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier. The issue arises from insufficient sanitisation of the HTTP POST parameter text sent to /index.php/guestbook/index/newentry, allowing a remote unauthenticated user to inject arbitrary HTML/script that ...