IBOS Enterprise Collaboration Management Software NewsController.php page actionTop function has SQL injection vulnerability
IBOS Enterprise Collaboration Management Software is a PHP-based collaborative office management system. A SQL injection vulnerability exists in the NewsController.php page of IBOS Enterprise Collaboration Management Software. An attacker can exploit the vulnerability to obtain sensitiv...
YXcms newsController.php SQL Injection Vulnerability
YXcms is a website management system based on PHP+MySQL with a lightweight MVC design model. A SQL injection vulnerability exists in YXcms newsController.php. Attackers can exploit the vulnerability to obtain sensitive database information...
YXcms 1.2.8: two arbitrary file deletions allow reinstall
Brief description: 1.2.8 Detailed description: one location has no filtering, the other has flawed filtering. First location: /protected/apps/member/controller/inforController.php public function index $auth=$this-auth; $id=$auth'id'; if!$this-isPost $info=model'members'-find"id='$id'"; $this-info=$info; $this-path=ROOT.'https://images.seebug.org/upload/member/image/';...