6 matches found
CVE-2021-27823
CVE-2021-27823 affects NetWave System 1.0 with an information disclosure vulnerability in /index.class.php exposed via port 8181. The issue allows unauthenticated attackers to exfiltrate sensitive information from the system. Documented details indicate network-accessible exposure with a confiden...
PHPYun v3.2 /ask/model/index.class.php SQL injection vulnerability
/ask/model/index.class.php $iids=$isset'ids'.','.$POST'id'; $nid=$this-obj-updateonce"attention",array"ids"=$iids,array"id"=$isset'id'; if$nid $data'uid'=$this-uid; $data'content'=$content; $data'ctime'=time; $this-obj-insertinto"friendstate",$data; echo '1'; else echo '0'; $iids is built by concatenating the id from the user's POST. ...
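PHPYun talent system (20141229): two SQL injections
Brief description: Two hidden SQL injections in the PHPYun talent system 20141229. Details: Two SQL injections in the PHPYun talent system. 0x01: Q&A home page ======================== The URL is: http://www.hr135.com/ask/index.php?order=addtime, where the order parameter is injectable. Looking at the code in /include/libs/SmartyCompiler.class.php:5330 5330 function complieqliststart$tagargs 5331 5332 $paramer = $this-parseattrs$tagargs;...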
phpyun v3.1.0604 /index.class.php local file inclusion vulnerability
No description provided by source...
PHPYUN latest version SQL injection (defense bypass)
Brief description: SQL injection in the latest PHPYUN version (phpyunv3.1.0604gbk), bypassing its defenses. Details: Latest PHPYUN version: phpyunv3.1.0604gbk. File /member/model/index.class.php function resumeajaxaction includePLUSPATH."user.cache.php"; $table="resume".$POST'type'; $id=int$POST'id'; $info=$this-obj-DBselectonce$table,"id='".$id."'";...
TCCMS SQL injection vulnerability
Brief description: TCCMS SQL injection vulnerability. Details: /app/controller/index.class.php public function search $Obj = M"news"; $skey = $POST"key"; $where = empty$skey ? "1=1" : "title like '%$skey%'";// injection $Obj-field"id,uid,classid,smallmemo,title,photo,photos,addtime,hits,isphoto,levels,top,flashpic,special,reply";...