34 matches found
CVE-2018-25431 No-Cms 1.0 SQL Injection via order_by Parameter
No-Cms 1.0 contains an SQL injection vulnerability in the order_by parameter of the manage_privilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can submit POST requests to /nocms/main/manage_privilege/index/export with malicious SQL code in the...
CVE-2018-25431
CVE-2018-25431 affects No-CMS 1.0 and describes an SQL injection in the order_by parameter of the manage_privilege export endpoint. An authenticated attacker can submit a crafted POST request to /nocms/main/manage_privilege/index/export with SQL payload in order_by[0] to manipulate database queri...
CVE-2018-25431 No-Cms 1.0 SQL Injection via order_by Parameter
No-Cms 1.0 contains an SQL injection vulnerability in the order_by parameter of the manage_privilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can submit POST requests to /nocms/main/manage_privilege/index/export with malicious SQL code in the...
PT-2026-45622
No-Cms 1.0 contains an SQL injection vulnerability in the order_by parameter of the manage_privilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can submit POST requests to /nocms/main/manage_privilege/index/export with malicious SQL code in the...
No-CMS SQL injection vulnerability
No-CMS is a customizable content management framework developed by Go Frendi Gunawan. Version 1.0 of No-CMS has a SQL injection vulnerability. This vulnerability stems from the order_by parameter in the manage_privilege endpoint, which allows for SQL injection attacks. This could enable authenticat...
EUVD-2018-11576
Malware in sbrugna...
EUVD-2018-11575
Malware in sbrugna...
EUVD-2018-10579
Malware in sbrugna...
No-CMS Cross-Site Scripting Vulnerability
No-CMS is a free content management system. The system supports authentication and authorization, custom themes and module extensions. A cross-site scripting vulnerability exists in No-CMS version 1.1.3. A remote attacker can use the 'keyword' parameter on the blog/manage_article page to inject...
CVE-2018-19901
No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ "article_title" parameter...
CVE-2018-19902
No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article "keyword" parameter...
CVE-2018-19902
No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article "keyword" parameter...
Cross site scripting
No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article "keyword" parameter...
CVE-2018-19901
No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ "article_title" parameter...
Cross site scripting
No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ "article_title" parameter...
CVE-2018-19901
No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ "article_title" parameter...
CVE-2018-19901
CVE-2018-19901 affects No-CMS 1.1.3 and is described as a persistent XSS vulnerability exploitable via the blog/manage_article/index/“article_title” parameter. The available public records identify the vulnerable component/entry point but do not provide exploit code, affected versions beyond 1.1....
CVE-2018-19902
No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article "keyword" parameter...
CVE-2018-19902
Vulnerability summary (CVE-2018-19902): No-CMS 1.1.3 is susceptible to a Persistent XSS attack via the blog/manage_article page, specifically through the keyword parameter. The available records indicate the issue is a stored/reflected-like XSS path focused on this input vector, but do not provid...
No-Cms 1.0 - order_by SQL Injection
No-Cms 1.0 - order_by SQL Injection Exploit Title: No-Cms 1.0 - 'order_by' SQL Injection Date: 2018-11-28 Exploit Author: Loading Kura Kura Vendor Homepage: https://github.com/goFrendiAsgard/No-CMS Software Link: https://codeload.github.com/goFrendiAsgard/No-CMS/zip/master Tested on: Win10/Kali Lin...