30 matches found
CVE-2022-31386
A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter...
EUVD-2022-49296
Malicious code in bioql PyPI...
EUVD-2022-49295
Malicious code in bioql PyPI...
EUVD-2022-49297
Malicious code in bioql PyPI...
EUVD-2022-52904
Malicious code in bioql PyPI...
CVE-2022-46493
Default version of nbnbk was discovered to contain an arbitrary file upload vulnerability via the component /api/User/downloadimg...
CVE-2022-46492
nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered to contain an arbitrary file read vulnerability via the component /api/Index/getFileBinary...
CVE-2022-46491
A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function of the default version of nbnbk allows attackers to arbitrarily add Administrator accounts...
CVE-2022-46492
nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered to contain an arbitrary file read vulnerability via the component /api/Index/getFileBinary...
PT-2022-27882 · Nbnbk · Nbnbk
Name of the Vulnerable Software and Affected Versions: nbnbk (affected versions not specified)
Description: The issue is related to an arbitrary file read vulnerability. This vulnerability is exploited via the /api/Index/getFileBinary API endpoint.
Recommendations: At the moment, there is no...
nbnbk Path Traversal Vulnerability
nbnbk is a CMS management system based on ThinkPHP5: a B2C e-commerce open source PHP mall system platform, a TP5 open source CMS, and ThinkPHP enterprise website source code that blogs and small and medium-sized enterprises can use for site building and secondary development. nbnbk has a security vulnerability...
CVE-2022-46492
CVE-2022-46492 affects nbnbk (a ThinkPHP-based CMS/e-commerce platform). The vulnerability arises from an arbitrary file read via the API endpoint /api/Index/getFileBinary, associated with commit 879858451d53261d10f77d4709aee2d01c72c301. Documents consistently describe an arbitrary file read, but...
CVE-2022-46493
Default version of nbnbk was discovered to contain an arbitrary file upload vulnerability via the component /api/User/downloadimg...
CVE-2022-46491
A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function of the default version of nbnbk allows attackers to arbitrarily add Administrator accounts...
Cross site request forgery (csrf)
A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function of the default version of nbnbk allows attackers to arbitrarily add Administrator accounts...
Design/Logic Flaw
Default version of nbnbk was discovered to contain an arbitrary file upload vulnerability via the component /api/User/downloadimg...
CVE-2022-46491
A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function of the default version of nbnbk allows attackers to arbitrarily add Administrator accounts...
CVE-2022-46491
CVE-2022-46491 affects the default version of nbnbk. The vulnerability is a Cross-Site Request Forgery (CSRF) in the Add Administrator function, allowing an attacker to arbitrarily add Administrator accounts. Public data confirms this is a CSRF issue; details on exact root cause, vulnerable versi...
CVE-2022-46493
CVE-2022-46493 affects the nbnbk default version, with an arbitrary file upload vulnerability exposed via the /api/User/download_img endpoint. The CVE is rated CVSS v3.1 base score 9.8 (CRITICAL), with network attack vector, no privileges required, and no user interaction; impacts to confidential...
nbnbk Cross-Site Request Forgery Vulnerability
nbnbk is a CMS management system based on ThinkPHP5: a B2C e-commerce open source PHP mall system platform, a TP5 open source CMS, and ThinkPHP enterprise website source code that blogs and small and medium-sized enterprises can use for site building and secondary development. nbnbk has a security vulnerability...