15 matches found
GO-2026-4708 SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes in github.com/siyuan-note/siyuan
SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes in github.com/siyuan-note/siyuan...
SiYuan Security Vulnerability
SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan 3.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from insufficient path validation for the localPath parameter, which could allow non-administrator...
CVE-2020-20948
An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable...
jeecg Access Control Error Vulnerability
jeecg is an intelligent development platform based on a code generator. An access control error vulnerability exists in jeecg that stems from the product not properly validating input data. An attacker can exploit the vulnerability to access sensitive files by...
CVE-2020-20948
An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable...
CVE-2020-20948
An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable...
Arbitrary file deletion
An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable...
CVE-2020-20948
An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable...
CVE-2020-20948
CVE-2020-20948 affects jeecg v3.8, enabling arbitrary file download by modifying the localPath variable. The vulnerability stems from insufficient input validation/Access Control, allowing an attacker to access sensitive files. Exploitation status is not documented in the provided sources; no pat...
Nconf 1.3 SQL Injection / Cross Site Scripting Vulnerabilities
Nconf version 1.3 suffers from cross site scripting and remote SQL injection vulnerabilities. Exploit Title: nconf handleitem.php,Modifyattr.php etc Multiple Sql injection Date: 2013/3/4 Exploit Author: Saadat Ullah,[email protected] Software Link: http://sourceforge.net/projects/nconf/files/nconf/...
Nconf 1.3 - Multiple SQL Injections
Nconf 1.3 - Multiple SQL Injections Exploit Title: nconf handleitem.php,Modifyattr.php etc Multiple Sql injection Date: 2013/3/4 Exploit Author: Saadat Ullah,[email protected] Software Link: http://sourceforge.net/projects/nconf/files/nconf/ Vendors: http://www.nconf.org/ Author HomePage:...
Nconf 1.3 SQL Injection / Cross Site Scripting
Exploit Title: nconf handleitem.php,Modifyattr.php etc Multiple Sql injection Date: 2013/3/4 Exploit Author: Saadat Ullah,[email protected] Software Link: http://sourceforge.net/projects/nconf/files/nconf/ Vendors: http://www.nconf.org/ Author HomePage: http://security-geeks.blogspot.com/...
Nconf 1.3 - Multiple SQL Injections
Exploit Title: nconf handleitem.php,Modifyattr.php etc Multiple Sql injection Date: 2013/3/4 Exploit Author: Saadat Ullah,[email protected] Software Link: http://sourceforge.net/projects/nconf/files/nconf/ Vendors: http://www.nconf.org/ Author HomePage: http://security-geeks.blogspot.com/...
PT-2007-6587 · Php · Sphpblog
Name of the Vulnerable Software and Affected Versions: PHPBlog version 0.1 Alpha Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the blog localpath parameter to includes/functions.php or includes/email.php. However, it is noted that this issue is disputed...
MyReview 1.9.4 (email) Remote SQL Injection / Code Execution Exploit
No description provided by source. MyReview 1.9.4 SQL Injection exploit http://myreview.lri.fr/ in functions.php starting from line 382 ............ function GetMember ($email, $db, $mode="array") { $query = "SELECT * FROM PCMember WHERE email = '$email'" ; $result = $db->execRequete ($query);...