34 matches found
EUVD-2023-37902
Malicious code in bioql PyPI...
EUVD-2023-37903
Malicious code in bioql PyPI...
CVE-2024-48234
An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php the value of the postAddress parameter is not processed and is directly passed into curlexec execution and output, resulting in Server-side request forgery SSRF vulnerability that can read server file...
CVE-2024-48233
mipjz 5.0.5 is vulnerable to Cross Site Scripting XSS in \app\setting\controller\ApiAdminSetting.php via the ICP parameter...
CVE-2024-48232
An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not processed and is directly passed into curlexec execution and output, resulting in a Server-side request forgery SSRF vulnerability that can read serv...
CVE-2023-33750
A stored cross-site scripting XSS vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at /index.php?s=/article/ApiAdminArticle/itemAdd...
CVE-2023-33751
A stored cross-site scripting XSS vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at /app/tag/controller/ApiAdminTagCategory.php...
CVE-2024-48234
An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php the value of the postAddress parameter is not processed and is directly passed into curlexec execution and output, resulting in Server-side request forgery SSRF vulnerability that can read server file...
CVE-2024-48232
An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not processed and is directly passed into curlexec execution and output, resulting in a Server-side request forgery SSRF vulnerability that can read serv...
CVE-2024-48233
mipjz 5.0.5 is vulnerable to Cross Site Scripting XSS in \app\setting\controller\ApiAdminSetting.php via the ICP parameter...
CVE-2024-48232
An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not processed and is directly passed into curlexec execution and output, resulting in a Server-side request forgery SSRF vulnerability that can read serv...
CVE-2024-48233
mipjz 5.0.5 is vulnerable to Cross Site Scripting XSS in \app\setting\controller\ApiAdminSetting.php via the ICP parameter...
CVE-2024-48234
An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php the value of the postAddress parameter is not processed and is directly passed into curlexec execution and output, resulting in Server-side request forgery SSRF vulnerability that can read server file...
CVE-2024-48234
An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php the value of the postAddress parameter is not processed and is directly passed into curlexec execution and output, resulting in Server-side request forgery SSRF vulnerability that can read server file...
mipjz 安全漏洞
mipjz is a content management system developed by sansanyun based on Baidu Mobile Accelerator MIP. A security vulnerability exists in mipjz version 5.0.5, which is caused by improper handling of the ICP parameter in appsettingcontrollerApiAdminSetting.php, which is susceptible to cross-site...
CVE-2024-48233
mipjz 5.0.5 is vulnerable to Cross Site Scripting XSS in \app\setting\controller\ApiAdminSetting.php via the ICP parameter...
mipjz 安全漏洞
mipjz is a content management system based on Baidu Mobile Accelerator MIP developed by sansanyun individual developer. A security vulnerability exists in mipjz version 5.0.5, which originates from the mipPost method in appsettingcontrollerApiAdminTool.php that improperly handles the postAddress...
CVE-2024-48232
An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not processed and is directly passed into curlexec execution and output, resulting in a Server-side request forgery SSRF vulnerability that can read serv...
CVE-2024-48232
An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not processed and is directly passed into curlexec execution and output, resulting in a Server-side request forgery SSRF vulnerability that can read serv...
CVE-2024-48233
mipjz 5.0.5 is vulnerable to Cross Site Scripting XSS in \app\setting\controller\ApiAdminSetting.php via the ICP parameter...