Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

seebug.org
seebug.orgadded 2011/07/29 12:0 a.m.20 views

JspRun!6.0 论坛管理后台注入漏洞

JspRun!论坛管理后台的export变量没有过滤,直接进入查询语句,导致进行后台,可以操作数据库,获取系统权限。 在处理后台提交的文件中ForumManageAction.java第1940行 String export = request.getParameter"export";//直接获取,没有安全过滤 ifexport!=null List styles=dataBaseService.executeQuery"SELECT s.name, s.templateid, t.name AS tplname, t.directory, t.copyright FROM...

7.1AI score
Exploits0
seebug.org
seebug.orgadded 2011/05/01 12:0 a.m.15 views

JspRun!论坛管理后台注入漏

JspRun!论坛管理后台的export变量没有过滤,直接进入查询语句,导致进行后台,可以操作数据库,获取系统权限。 在处理后台提交的文件中ForumManageAction.java第1940行 String export = request.getParameter"export";//直接获取,没有安全过滤 ifexport!=null ListMapString,String styles=dataBaseService.executeQuery"SELECT s.name, s.templateid, t.name AS tplname, t.directory,...

7.1AI score
Exploits0
myhack58
myhack58added 2011/04/29 12:0 a.m.15 views

JspRun! The forum management background injection vulnerability-vulnerability warning-the black bar safety net

Vulnerability description: JspRun! The forum management background the export variable is not filtered, directly into the query statement, resulting in the background, you can operate the database, access to system privileges. Vulnerability analysis: in processing the background documents submitt...

0.2AI score
Exploits0
Rows per page
Query Builder