14 matches found
MaxCMS (Maxcms) admin_inc.asp SQL Injection Vulnerability
In the file admin/ admininc.asp: Sub checkPower //line 103 dim loginValidate,rsObj : loginValidate = "maxcms2.0" err.clear on error resume next set rsObj=conn.db"select mrandom,mlevel from premanager where musername='"&rCookie"musername"&"'","execute" The rCookie function is in the file inc/ CommonFun.asp: Function rCookiecookieNa...
CVE-2009-1818
SQL injection vulnerability in admin/adminmanager.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via an musername cookie in an add action...
Sql injection
SQL injection vulnerability in admin/adminmanager.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via an musername cookie in an add action...
CVE-2009-1818
SQL injection vulnerability in admin/adminmanager.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via an musername cookie in an add action...
CVE-2009-1818
CVE-2009-1818 affects MaxCMS 2.0, where the admin/admin_manager.asp component is vulnerable to SQL injection via an m_username cookie in the add action. The underlying flaw allows remote attackers to execute arbitrary SQL commands with the potential to impact data. Public references confirm a wor...
CVE-2009-1764
SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a digg action...
Sql injection
SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a digg action...
CVE-2009-1764
The CVE-2009-1764 issue is a SQL injection vulnerability in MaxCMS 2.0, specifically in inc/ajax.asp via the id parameter used by a digg action. The underlying flaw is improper handling of user input leading to arbitrary SQL execution on remote systems. Impact is partial confidentiality/integrity...
CVE-2009-1764
SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a digg action...
MaxCMS 2.0 (inc/ajax.asp) Remote SQL Injection Vulnerability
No description provided by source. Securitylab.ir Application Info: Name: Maxcms Version: 2.0 Discovered By: Securitylab.ir Website: http://securitylab.ir Contacts: adminatsecuritylab.ir & info@securitylabdotir Vulnerability Info: Type: Sql Injection Risk: Medium...
MaxCMS 2.0 - incajax.asp SQL Injection
MaxCMS 2.0 - incajax.asp SQL Injection Securitylab.ir Application Info: Name: Maxcms Version: 2.0 Discovered By: Securitylab.ir Website: http://securitylab.ir Contacts: adminatsecuritylab.ir & info@securitylabdotir Vulnerability Info: Type: Sql Injection Risk: Medium...
MaxCMS 2.0 - '/inc/ajax.asp' SQL Injection
Securitylab.ir Application Info: Name: Maxcms Version: 2.0 Discovered By: Securitylab.ir Website: http://securitylab.ir Contacts: adminatsecuritylab.ir & info@securitylabdotir Vulnerability Info: Type: Sql Injection Risk: Medium ===========================================================...
MaxCMS 2.0 (m_username) Arbitrary Create Admin Exploit
No description provided by source. ?php printr' +---------------------------------------------------------------------------+ maxcms2.0 creat new admin exploit by Securitylab.ir +---------------------------------------------------------------------------+ '; if $argc 3 printr'...
MaxCMS 2.0 Create New Admin
?php printr' +---------------------------------------------------------------------------+ maxcms2.0 creat new admin exploit by Securitylab.ir +---------------------------------------------------------------------------+ '; if $argc 3 printr'...