60 matches found
MKCMS suffers from SQL injection vulnerability
MKCMS is a content management system. MKCMS suffers from a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive database information...
PinYou Movie MKCMS v5.0 suffers from SQL Injection Vulnerability
PinYou film and television to provide VIP video resolution of the film and television station source code, automatic update maintenance. MKCMS v5.0 has a SQL injection vulnerability that can be exploited by attackers to obtain sensitive database information...
CVE-2019-11332
MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as demonstrated by 123456...
Default credentials
MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as demonstrated by 123456...
CVE-2019-11332
MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as demonstrated by 123456...
CVE-2019-11332
The CVE-2019-11332 entry concerns MKCMS 5.0. Affected component: the repass.php flow in ucenter. The issue allows remote attackers to takeover arbitrary user accounts by posting a username and e-mail address, which triggers an e‑mail containing the user’s password (demo: 123456). The Red Hat and ...
Cross site request forgery (csrf)
MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI...
CVE-2019-11078
MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI...
CVE-2019-11078
Summary: CVE-2019-11078 affects MKCMS V5.0, where a CSRF flaw in the ucenter/userinfo.php endpoint allows adding a new admin user. The underlying issue is lack of proper request validation, enabling an attacker-controlled cross-site request to perform privileged action without user consent. Impac...
CVE-2019-11078
MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI...
MKCMS SQL Injection Vulnerability
MKCMS is a content management system. A SQL injection vulnerability exists in MKCMS version V5.0. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit this vulnerability to execute illegal SQL commands...
CVE-2019-10707
MKCMS V5.0 has SQL injection via the bplay.php play parameter...
CVE-2019-10707
MKCMS V5.0 has SQL injection via the bplay.php play parameter...
Sql injection
MKCMS V5.0 has SQL injection via the bplay.php play parameter...
CVE-2019-10707
MKCMS V5.0 has SQL injection via the bplay.php play parameter...
CVE-2019-10707
MKCMS V5.0 is affected by a SQL injection vulnerability in the bplay.php play parameter. The root cause is inadequate validation of externally supplied SQL statements, per CNVD-2019-14075 and related entries, with Red Hat and CVE databases confirming the same issue. Impact is described as high/cr...
SQL Injection Vulnerability in MKCMS Version 5.0 ac***.php Page
MKCMS is a content management system. A SQL injection vulnerability exists in the ac.php page of MKCMS version 5.0, which can be exploited by attackers to obtain sensitive database information...
SQL Injection Vulnerability in MKCMS vl***.php Page
MKCMS is a content management system. A SQL injection vulnerability exists in the MKCMS vl.php page, which can be exploited by attackers to obtain sensitive information from the database...
mkCMS - index.php Arbitrary PHP Code Execution
mkCMS - index.php Arbitrary PHP Code Execution source: https://www.securityfocus.com/bid/60488/info mkCMS is prone to an arbitrary PHP code-execution vulnerability. An attacker can exploit this issue to execute arbitrary PHP code within the context of the affected application. mkCMS 3.6 is...
mkCMS - 'index.php' Arbitrary PHP Code Execution
source: https://www.securityfocus.com/bid/60488/info mkCMS is prone to an arbitrary PHP code-execution vulnerability. An attacker can exploit this issue to execute arbitrary PHP code within the context of the affected application. mkCMS 3.6 is vulnerable; other versions may also be affected...