34 matches found
EUVD-2023-37903
Malicious code in bioql PyPI...
EUVD-2023-37902
Malicious code in bioql PyPI...
CVE-2024-48234
An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in a Server-side request forgery (SSRF) vulnerability that can read server file...
CVE-2024-48233
mipjz 5.0.5 is vulnerable to Cross Site Scripting (XSS) in \app\setting\controller\ApiAdminSetting.php via the ICP parameter...
CVE-2024-48232
An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in a Server-side request forgery (SSRF) vulnerability that can read serv...
CVE-2023-33750
A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at /index.php?s=/article/ApiAdminArticle/itemAdd...
CVE-2023-33751
A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at /app/tag/controller/ApiAdminTagCategory.php...
CVE-2024-48234
An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in a Server-side request forgery (SSRF) vulnerability that can read server file...
CVE-2024-48233
mipjz 5.0.5 is vulnerable to Cross Site Scripting (XSS) in \app\setting\controller\ApiAdminSetting.php via the ICP parameter...
CVE-2024-48232
An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in a Server-side request forgery (SSRF) vulnerability that can read serv...
CVE-2024-48233
mipjz 5.0.5 is vulnerable to Cross Site Scripting (XSS) in \app\setting\controller\ApiAdminSetting.php via the ICP parameter...
CVE-2024-48232
An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in a Server-side request forgery (SSRF) vulnerability that can read serv...
CVE-2024-48233
The CVE-2024-48233 entry affects mipjz 5.0.5, with a Cross Site Scripting (XSS) flaw in \app\setting\controller\ApiAdminSetting.php via the ICP parameter. Root cause: improper handling/validation of the ICP parameter leading to XSS. Impact as stated: potential for script injection; CVSS 3.1 base ...
CVE-2024-48234
The CVE-2024-48234 issue affects mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php, the postAddress parameter is not validated and is passed directly to curl_exec, enabling server-side request forgery (SSRF) that can read server files. Red Hat and NVD entries confirm the same ...
CVE-2024-48233
mipjz 5.0.5 is vulnerable to Cross Site Scripting (XSS) in \app\setting\controller\ApiAdminSetting.php via the ICP parameter...
PT-2024-33043 · Mipjz · Mipjz
Name of the Vulnerable Software and Affected Versions: mipjz version 5.0.5. Description: A Server-side request forgery (SSRF) vulnerability exists due to the improper handling of the postAddress parameter in the mipPost method of the ApiAdminTool.php file. This allows an attacker to read server file...
CVE-2024-48232
An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in a Server-side request forgery (SSRF) vulnerability that can read serv...
mipjz security vulnerability
mipjz is a content management system based on Baidu Mobile Accelerator MIP, developed by the individual developer sansanyun. A security vulnerability exists in mipjz version 5.0.5, which originates from the mipPost method in \app\setting\controller\ApiAdminTool.php that improperly handles the postAddress...
CVE-2024-48232
CVE-2024-48232 affects mipjz 5.0.5. The issue is in the mipPost method of \app\setting\controller\ApiAdminTool.php, where the postAddress parameter is not validated and is passed directly to curl_exec, enabling Server-Side Request Forgery (SSRF) that can read server files. Documented across NVD/R...
CVE-2024-48234
An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in a Server-side request forgery (SSRF) vulnerability that can read server file...