Lucene search
K

6 matches found

Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52829

Name of the Vulnerable Software and Affected Versions Paid Memberships Pro - Add Member From Admin versions prior to 0.7.3 Description An unauthenticated Cross Site Request Forgery CSRF exists, which allows attackers to execute unauthorized actions via crafted requests. CSRF is a type of attack...

8.8CVSS5.8AI score0.0013EPSS
Exploits0References3
NVD
NVD
added 2022/05/04 3:15 a.m.18 views

CVE-2022-27431

Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php...

9.8CVSS0.01033EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/04/19 6:0 p.m.19 views

CVE-2018-10235

POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of $cache'setting''ucssocfg' in diy\module\member\models\Membermodel.php and write this code into the...

7.4AI score0.01521EPSS
Exploits1References1
seebug.org
seebug.org
added 2014/05/27 12:0 a.m.21 views

Destoon B2B 2014-05-21最新版csrf getshell

简要描述: 上传问题+csrf+后台任意命令执行 = csrf getshell 详细说明: 先说上传问题,自带的fck编辑器没有验证上传图片的合法性,只判断了后缀名。 可以通过上传一个.jpg后缀的swf来进行csrf 然后是后台命令执行 /member/admin/sendmail.inc.php 行151 default: ifisset$send ifisset$preview && $preview $content = stripslashes$content; if$template if$sendtype == 2 $emails = explode"\n",...

7.1AI score
Exploits0
Prion
Prion
added 2009/04/10 10:0 p.m.15 views

Unrestricted file upload

Unrestricted file upload vulnerability in editimage.php in Apartment Search Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a GIF header, then accessing this file via a direct request to a renamed file in MemberAdmin/logo/...

6.8CVSS8.2AI score0.02628EPSS
Exploits1References3
exploitpack
exploitpack
added 2008/12/10 12:0 a.m.22 views

living Local 1.1 - Cross-Site Scripting Arbitrary File Upload

living Local 1.1 - Cross-Site Scripting Arbitrary File Upload Authot: Bgh7 Home: http://ozelteam.com - Turk Bilisim Gücleri Pst: [email protected] ============================= Dork: allinurl:clientsignup.php "classifieds" Dork2: Powered By: Living Local V1.1 Demo:...

0.4AI score
Exploits0
Rows per page
Query Builder