Yzmcms 跨站脚本漏洞

Yzmcms is an open source CMS Content Management System. A cross-site scripting vulnerability exists in YzmCMS version 5.6. The vulnerability stems from the program using UEditor 1.4.3.3, so the vulnerability can be exploited through the SRC attribute of the IFRAME element in...

YzmCMS Eval Injection Vulnerability

YzmCMS is an open source CMS Content Management System developed by Chinese programmer Yuan Zhimeng. A security vulnerability exists in the yzmphp/core/function/global.func.php file in YzmCMS version 3.7.1. A remote attacker can exploit this vulnerability by executing arbitrary code with the PHP...

CVE-2018-8756

Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=membercontent&a=init request...

CVE-2018-8756

Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=membercontent&a=init request...

finecms SQL injection vulnerability (CNVD-2017-28415)

FineCMS is a website building system based on PHP+MySql+CI framework. A SQL injection vulnerability exists in the controllersmemberContentController.php page in Finecms, which can be exploited by remote attackers to manipulate the website database...

fineCMS免费版某处又一sql注入

简要描述： 这次让我先呵呵！！！ 详细说明： 会员中心，文章-先发表一篇文章，然后去修改，看看修改的代码 controllers/member/ContentController.php public function editAction 。。。。 if $this-post'submit' $data = $data; unset$data; $data = $this-post'data'; /printr$data; exit;/ if empty$data'title' $this-memberMsglang'm-con-13'; if $data'catid' != $cat...