23 matches found
EUVD-2020-14206
Malware in sbrugna...
CVE-2022-43323
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery CSRF via the Top Up Balance component under the Edit Member module...
CVE-2020-21434
Maccms 10 contains a cross-site scripting XSS vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field...
CVE-2022-43323
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery CSRF via the Top Up Balance component under the Edit Member module...
EyouCms 跨站请求伪造漏洞
Zanzan Network Technology EyouCms Eyou CMS is an open source content management system CMS based on ThinkPHP by China Zanzan Network Technology. A security vulnerability exists in EyouCms version V1.5.9-UTF8-SP1, which originates from the inclusion of cross-site request forgery CSRF via the Basic...
CVE-2022-44387
CVE-2022-44387 affects EyouCMS v1.5.9-UTF8-SP1. A CSRF vulnerability exists in the Basic Information component of the Edit Member module, potentially allowing unauthorized actions to be performed on behalf of a user. Root cause is CSRF in that module. Remediation is recommended: implement CSRF to...
CVE-2022-44387
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery CSRF via the Basic Information component under the Edit Member module...
CVE-2020-21434
Maccms 10 contains a cross-site scripting XSS vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field...
CVE-2020-21434
Maccms 10 contains a cross-site scripting XSS vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field...
Cross site scripting
Maccms 10 contains a cross-site scripting XSS vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field...
CVE-2020-21434
Maccms 10 contains a cross-site scripting XSS vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field...
CVE-2020-21434
CVE-2020-21434 affects Maccms 10. The vulnerability is a cross-site scripting (XSS) flaw in the Editing function under the Member module, exploitable via a crafted payload in the nickname field. Root cause: lack of proper input validation allowing script execution. Impact: client-side code execut...
Maccms 跨站脚本漏洞
Maccms is a PHP-based content management system CMS for film and television. A cross-site scripting vulnerability exists in Mccms10, which stems from the fact that the nickname in the editing function under the Member module of the product fails to properly validate user input data. An attacker c...
PHPCMS version 9.1.5 to 9.6.3 SQL Injection Vulnerability in Member Module me***_mo***.php
PHPCMS uses PHP5+MYSQL as the technical basis for development.V9 uses OOP object-oriented approach to build the basic operational framework. PHPCMS 9.1.5 to 9.6.3 version of the membership module memo.php SQL injection vulnerability, attackers can use the vulnerability to obtain database sensitiv...
SQL Injection Vulnerability in the New Member Module mo**** Parameters of 120 Emergency Command Center Web Service System
120 Emergency Command Center Web Service System is a set of web application services for 120 Emergency Command Center, including internal training, learning and assessment functions. A SQL injection vulnerability exists in the mo parameter of the new membership module of the 120 Emergency Command...
CVE-2018-10235
POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of $cache'setting''ucssocfg' in diy\module\member\models\Membermodel.php and write this code into the...
WordPress add-edit-delete-listing-for-member-module SQL Injection Vulnerability
WordPress add-edit-delete-listing-for-member-module is a WordPress-specific plugin for adding, editing and deleting operations on member listings. A SQL injection vulnerability exists in WordPress add-edit-delete-listing-for-member-module version 1.0, which stems from the program failing to filte...
PHPCMS 'phpcms\modules\member\index.php 'the presence of any of the password reset vulnerability
No description provided by source...
PHPCMS 'phpcms\modules\member\index.php ' Arbitrary Password Reset Vulnerability
PHPCMS is a website management software. The software adopts modular development and supports a variety of classification methods, using it can easily realize the design, development and maintenance of personalized websites. PHPCMS 'phpcms\modules\member\index.php ' has an arbitrary password rese...
xercms \XerCMS\Modules\member\index.php parameters$_FILES SQL injection
sql injection in D:\wamp\www\XerCMS\Modules\member\index. in php upfiles function public function upfiles setformat'json'; $config = ini'member/group/'. X::$G'group'; ifempty$config exit'Access Denied'; else if$config'upload'0 == 0 error'uploadgrouplimit'; else if$config'upload'1 != 0 &&...