CandyCMS 安全漏洞

CandyCMS is a simple PHP CMS open-sourced by Stephen Radford. A security vulnerability exists in CandyCMS version 1.0.0. A remote attacker can exploit this vulnerability to execute arbitrary code via the install.php component...

CVE-2020-19527

iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DBNAME parameter to install/install.php...

MiniCMS Arbitrary PHP Code Execution Vulnerability

MiniCMS is a micro content management system designed for personal websites. An arbitrary PHP code execution vulnerability exists in MiniCMS 1.10. An attacker can exploit this vulnerability to execute arbitrary PHP code via the install.php sitename parameter...

Web Reference Database Command Execution Vulnerability

Web Reference Database is a web-based multi-user interface product that provides search tools and automatic indexing for managing scientific literature. A vulnerability in the handling of the 'adminPassword' parameter in the Web Reference Databaseinstall.php script allows remote attackers to...

PostNuke 0.7x - Install Script Administrator Password Disclosure

source: https://www.securityfocus.com/bid/10793/info It is reported that PostNuke may disclose administrator authentication credentials to remote attackers. This issue presents itself because the application fails to remove the install script 'install.php' after installation. This can allow an...

PostNuke 0.7x - Install Script Administrator Password Disclosure

PostNuke 0.7x - Install Script Administrator Password Disclosure source: https://www.securityfocus.com/bid/10793/info It is reported that PostNuke may disclose administrator authentication credentials to remote attackers. This issue presents itself because the application fails to remove the...