14 matches found
CVE-2018-19228
An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file deletion via ../ directory traversal in the admin/pic.php del parameter, as demonstrated by deleting install/install.txt to permit a reinstallation...
CVE-2018-19221
An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter...
CVE-2018-19229
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/art.php?typeid=1 biaoti parameter...
CVE-2018-19223
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI...
EUVD-2018-11026
Malware in sbrugna...
EUVD-2018-10938
Malware in sbrugna...
CVE-2018-19226
An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to list .txt files via a direct request for the /data/0/admin.txt URI...
CVE-2018-19328
LAOBANCMS 2.0 allows install/mysqlhy.php?riqi=../ Directory Traversal...
CVE-2018-19225
An issue was discovered in LAOBANCMS 2.0. admin/mima.php has CSRF...
CVE-2018-19222
An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysqlhy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists...
CVE-2018-19221
An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter...
Spoofing
An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies...
CVE-2018-19229
LAOBANCMS 2.0 is affected by an XSS vulnerability in the admin/art.php?typeid=1 biaoti parameter. Multiple connected sources (NVD/NVD-derived CVE, Red Hat, CNVD, CVE listings) corroborate that the issue arises from unsanitized input in the biaoti parameter leading to cross-site scripting. The exa...
CVE-2018-19228
An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file deletion via ../ directory traversal in the admin/pic.php del parameter, as demonstrated by deleting install/install.txt to permit a reinstallation...