SourceCodester SUP Online Shopping 注入漏洞

SourceCodester SUP Online Shopping is an open-source online shopping system developed by SourceCodester. Version 1.0 of SourceCodester SUP Online Shopping has a vulnerability due to SQL injection caused by the param msg.php file’s msgid operation, which may lead to remote attacks...

Cross-site scripting - Stored via upload ".msg" file

Description When user upload file with .msg extension in white-list, but when access this file, server not reponse with Content-type header, so this file can execute javascript code as Content-type: text/html Proof of Concept POST /microweber/plupload HTTP/1.1 Host: localhost User-Agent:...

Security update 1970-01-01

...