19 matches found
EUVD-2019-5886
Malware in sbrugna...
EUVD-2021-26595
Malware in sbrugna...
CVE-2019-14746
A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php dbname parameter and then making a config.php request...
KuaiFanCMS Arbitrary File Read Vulnerability
KuaiFanCMS later referred to as KF using PHP5 + MYSQL as the technical basis for the development of KF using the Smarty template engine to build a site system. KuaiFanCMS V5 has a security vulnerability, the vulnerability stems from KuaiFanCMS V5 in chakanhtml.module.php file HTML url parameter...
CVE-2021-3256
KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the htmlurl parameter of the chakanhtml.module.php file...
CVE-2021-3256
KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the htmlurl parameter of the chakanhtml.module.php file...
Design/Logic Flaw
KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the htmlurl parameter of the chakanhtml.module.php file...
CVE-2021-3256
KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the htmlurl parameter of the chakanhtml.module.php file...
CVE-2021-3256
KuaiFanCMS V5.x has an arbitrary file read vulnerability in the html_url parameter of the chakanhtml.module.php file. The issue stems from the html_url parameter handling in that module, allowing an attacker to read arbitrary files and potentially obtain sensitive information. Multiple sources (C...
KuaiFan 参数注入漏洞
KuaiFanCMS later referred to as KF using PHP5 + MYSQL as the technical basis for the development of KF using the Smarty template engine to build a site system. KuaiFanCMS V5 has a security vulnerability, the vulnerability stems from KuaiFanCMS V5 in chakanhtml.module.php file HTML url parameter...
Directory Traversal Vulnerability in KuaiFanCMS
KuaiFanCMS is developed using PHP5+MYSQL as the technical base. kf is built using Smarty template engine. KuaiFanCMS has a directory traversal vulnerability that can be exploited by attackers to obtain sensitive information...
CVE-2019-14746
A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php dbname parameter and then making a config.php request...
CVE-2019-14746
A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php dbname parameter and then making a config.php request...
Design/Logic Flaw
A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php dbname parameter and then making a config.php request...
CVE-2019-14746
CVE-2019-14746 affects KuaiFanCMS 5.0. The issue is an eval injection vulnerability: an attacker can place PHP code in the install.php db_name parameter and trigger it via a subsequent config.php request, enabling code execution as described. The connected documents confirm this vector and impact...
CVE-2019-14746
A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php dbname parameter and then making a config.php request...
Stored Cross-Site Scripting Vulnerability in KuaiFanCMS V4.0
KuaiFanCMS V5.x hereinafter referred to as KF uses PHP5+MYSQL as the technical basis for development.KF is built with Smarty template engine. KuaiFanCMS V4.0 has a stored cross-site scripting vulnerability. An attacker can insert malicious js code into a page to obtain user cookies and other...
SQL Injection Vulnerability in KuaiFanCMS V5.0
KuaiFanCMS V5.x hereinafter referred to as KF uses PHP5+MYSQL as the technical basis for development.KF is built with Smarty template engine. KuaiFanCMS V5.0 has a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive information from the database...
Local File Containment Vulnerability in KuaiFanCMS
KuaiFanCMS V5.x is developed with PHP5+MYSQL as the technical base. kf is built with Smarty template engine. A local file include vulnerability exists in the KuaiFanCMS /upload/index.php file. Due to the parameters within the include are not filtered, can lead to .class.php suffix file include, i...