26 matches found
ImpressCMS Cross-Site Scripting Vulnerability (CNVD-2023-59104)
ImpressCMS is a MySQL-based, modular content management system (CMS). The system includes modules for press releases, forums and photo albums. A cross-site scripting vulnerability exists in ImpressCMS v1.4.5 and earlier versions, which stems from the lack of effective filtering and escaping of...
phpIPAM header injection vulnerability
phpIPAM is an open source PHP- and MySQL-based IP address management (IPAM) application. phpIPAM version 1.5.0 is vulnerable to header injection, which stems from a lack of validation of input data in component/admin/subnets/ripe-query.php, and can be exploited by attackers to cause header injection...
74cms Cross-Site Scripting Vulnerability (CNVD-2022-58895)
74cms is a PHP- and MySQL-based online recruitment system from China Xunyi Technology. 74cmsSE version v3.5.1 contains a cross-site scripting vulnerability that stems from a lack of validation and filtering of user-supplied data and output from path/job. An attacker could exploit this vulnerabili...
SQL Injection Vulnerability in mymps Backend
mymps is a PHP- and MySQL-based website builder. A SQL injection vulnerability exists in the mymps backend, which can be exploited by attackers to obtain sensitive database information...
TuziCMS SQL Injection Vulnerability (CNVD-2022-25982)
TuziCMS (Rabbit CMS) is a PHP- and MySQL-based enterprise content management system (CMS). A SQL injection vulnerability exists in TuziCMS version 2.0.6, which stems from the fact that AppManageControllerBannerController.class.php lacks validation of external input used in SQL statements. An attacker could use...
ImpressCMS path traversal vulnerability
ImpressCMS is a MySQL-based, modular content management system (CMS). The system includes modules for press releases, forums, and photo albums. ImpressCMS contains a path traversal vulnerability that can be exploited by an authenticated attacker to delete arbitrary files on the system by...
ImpressCMS SQL Injection Vulnerability (CNVD-2022-30802)
ImpressCMS is a MySQL-based, modular content management system (CMS). The system includes modules for press releases, forums, and photo albums. ImpressCMS contains a SQL injection vulnerability that stems from insufficient sanitization of user data passed in the groupps parameter of the...
Unspecified vulnerability in ImpressCMS
ImpressCMS is a MySQL-based, modular content management system (CMS). The system includes modules for press releases, forums, and photo albums. ImpressCMS has a security vulnerability that stems from the fact that ImpressCMS prior to 1.4.2 allows traversal of the origName or imageName directory b...
PhpIPAM Cross-Site Scripting Vulnerability (CNVD-2022-08175)
phpIPAM is an open source PHP- and MySQL-based IP address management (IPAM) application. phpIPAM v1.4.4 contains a cross-site scripting vulnerability that stems from a lack of validation and filtering of user-supplied data and output in the Site title parameter when updating site settings. ...
SourceCodester Alumni Management System Code Issue Vulnerability
SourceCodester Alumni Management System is a PHP- and MySQL-based alumni management system from Sourcecodester, Inc. A security vulnerability exists in SourceCodester Alumni Management System version 1.0, which attackers could exploit to execute arbitrary code to...
Command Execution Vulnerability in SeaCMS V210530
Ocean CMS is a free, open source, professional PHP- and MySQL-based web content management system for film and television sites that can run cross-platform. A command execution vulnerability exists in SeaCMS V210530. An attacker can exploit this vulnerability to obtain web...
Code execution vulnerability in geeweb
geeweb is a completely free PHP- and MySQL-based site-building system for small and medium-sized enterprises, social groups, schools and individual users, offering fast site building, easy maintenance, high security, strong load capacity, SEO friendliness and other features. A code executio...
ImpressCMS Cross-Site Scripting Vulnerability (CNVD-2021-17253)
ImpressCMS is a MySQL-based, modular content management system (CMS). The system includes modules for press releases, forums and photo albums. A cross-site scripting vulnerability exists in ImpressCMS profile version 1.4.2, which stems from a Display Name field that is not properly filtered for inpu...
Simplephpscripts News Script PHP Pro Cross-Site Request Forgery Vulnerability
News Script PHP Pro is a PHP/MySQL based web script from Simple PHP Scripts for displaying news on your website. A cross-site request forgery vulnerability exists in News Script PHP Pro 2.3. An attacker can exploit this vulnerability to add new users...
SQL injection vulnerability in WMCMS Pro da***.my***.php file
WMCMS is a free, open source, professional Chinese labeling system built on PHP and MySQL. There is a SQL injection vulnerability in the file da.my.php in the professional version of WMCMS. Attackers can use this vulnerability to obtain server administrative privileges...
File Deletion Vulnerability in NetSoft Zhicheng Classifieds Website System
NetSoft Zhicheng classifieds website system is a PHP- and MySQL-based website building system. A file deletion vulnerability exists in the NetSoft Zhicheng classifieds website system, which an attacker can use to delete arbitrary files...
TorrentTrader 2.08 - Multiple Vulnerabilities
No description provided by source. waraxe-2012-SA089 - Multiple Vulnerabilities in TorrentTrader 2.08. Author: Janek Vind waraxe. Date: 17. September 2012. Location: Estonia, Tartu. Web:...
Tunngavik CMS SQL Injection
Tunngavik CMS. Exploit database separated by exploit type (local, remote, DoS, etc.). Site: 1337db.com. Support e-mail: submitat1337db.com. I'm KnocKout, 1337 Member from 1337 DataBase...
Glenovation <= Remote Based SQL Injection Vulnerability
Exploit for PHP platform in category web applications. Glenovation. Exploit database separated by exploit type (local, remote, DoS, etc.). Site: 1337db.com. Support e-mail: submitat1337db.com. I'm KnocKout 1337...
Cag CMS 0.2 Blind SQL Injection / Cross Site Scripting
Cag CMS Version 0.2 Beta = XSS && Blind SQL Injection Multiple Vulnerabilities. Author: Shamus. Date: October, 05th...