41 matches found
Cross-site Request Forgery (CSRF) Vulnerabilities in PHP MicroCMS
High-Tech Bridge SA Security Research Lab has discovered vulnerabilities in PHP MicroCMS which could be exploited to perform cross-site request forgery attacks. 1) Cross-site request forgery (CSRF) vulnerabilities in PHP MicroCMS: 1.1 The vulnerability exists due to insufficient validation of the...
CVE-2010-3480
Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter...
SQL injection
Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) password variables, possibly related to include/classes/Login.php. NOTE: some of these details are...
Directory traversal
Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter...
CVE-2010-3480
CVE-2010-3480 affects ApPHP PHP MicroCMS 1.0.1. The vulnerability is a directory traversal/local file include in index.php exploitable via a .. in the page parameter when magic_quotes_gpc is disabled, allowing remote inclusion/execution of arbitrary local files in the webserver context. OpenVAS e...
CVE-2010-3481
CVE-2010-3481 affects ApPHP PHP MicroCMS 1.0.1. It discloses multiple SQL injection vulnerabilities in login.php when magic_quotes_gpc is disabled, allowing remote attackers to potentially execute arbitrary SQL via (1) user_name and (2) password variables, possibly tied to include/classes/Login.p...
Month Of Abysssec Undisclosed Bugs - PHP MicroCMS 1.0.1
wronglogin = false; if (!$this->isloggedin && $_POST['submit'] == "Login" && !empty($_POST['username']) && !empty($_POST['password'])) $this->dologin($_POST['username'], $_POST['password']); else if ($_POST['submitlogout'] == "Logout"...
PHP MicroCMS Local File Include and SQL Injection Vulnerabilities
PHP MicroCMS is prone to a local file-include vulnerability and multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute arbitrary local fil...
PHP MicroCMS 1.0.1 Multiple Remote Vulnerabilities
Exploit for php platform in category web applications. PHP MicroCMS 1.0.1 Multiple Remote Vulnerabilities. Title: PHP MicroCMS 1.0.1 Multiple Remote Vulnerabilities. Affected Version: PHP MicroCMS...
PHP MicroCMS Local File Include and SQL Injection Vulnerabilities
PHP MicroCMS is prone to a local file-include vulnerability and multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by t...
PHP microcms 1.0.1 - Multiple Vulnerabilities
PHP microcms 1.0.1 - Multiple Vulnerabilities. wronglogin = false; if (!$this->isloggedin && $_POST['submit'] == "Login" && !empty($_POST['username']) && !empty($_POST['password'])) $this->dologin($_POST['username'], $_POST['password']);...
PHP microcms 1.0.1 - Multiple Vulnerabilities
wronglogin = false; if (!$this->isloggedin && $_POST['submit'] == "Login" && !empty($_POST['username']) && !empty($_POST['password'])) $this->dologin($_POST['username'], $_POST['password']); else if ($_POST['submitlogout'] == "Logout"...
MicroCMS 3.5 (SQL/LFI) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications. MicroCMS 3.5 SQL/LFI Multiple Remote Vulnerabilities. Micro CMS File inclusion Vuln Micro CMS SQLi login bypass By learn3r hacker...
MicroCMS 3.5 LFI / SQL Injection
Micro CMS File inclusion Vuln. Micro CMS SQLi login bypass. By learn3r hacker from Nepal. Affected version: v 3.5 or may be lower... File Inclusion Vuln: Requires register globals to be on... Vuln file: microcms-inlude.php...
MicroCMS 3.5 (SQL/LFI) Multiple Remote Vulnerabilities
No description provided by source. Micro CMS File inclusion Vuln. Micro CMS SQLi login bypass. By learn3r hacker from Nepal. Affected version: v 3.5 or may be lower... File Inclusion Vuln: Requires register globals to be on... Vuln file: microcms-inlude.php...
MAXcms 3.11.20b Remote File Inclusion / Disclosure
MAXcms 3.11.20b RFI / File Disclosure Vulnerabilities. I- Remote File Disclosure Vulnerabilities. In /includes/inc.thcmsadmindirtree.php, Code 22: if ($_GET["getjs"]=="1") POC : http://localhost//microcms/includes/filemanager/special.php?fmincludesspecial=http://localhost/020.txt Thanx To ...
SQL injection
Multiple SQL injection vulnerabilities in microcms-admin-login.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) allow remote attackers to execute arbitrary SQL commands via (1) the administrators_username parameter (aka the Username field) or (2) the administrators_pass parameter (aka the Password fie...
CVE-2008-6614
CVE-2008-6614 affects Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5). The vulnerability arises in microcms-admin-login.php where remote attackers can inject SQL through (1) administrators_username or (2) administrators_pass, enabling arbitrary SQL execution. The reports consistently describe m...
CVE-2008-6553
microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 (aka 0.3.5) does not require authentication as an administrator, which allows remote attackers to (1) create administrative accounts via an addadmin action, (2) remove administrative accounts via a deleteadmin action, and (3) modify...