CVE-2018-18737

An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexmlloadstring. This can also be used for SSRF...

The micro-engine technology payment/wechat/nofity.php SQL injection vulnerability

No description provided by source...

Uploader 1.0.4 - notify.php blog Parameter XSS

The uploader WordPress plugin was affected by a notify.php blog Parameter XSS security vulnerability...

Uploader 1.0.0 - wp-content/plugins/uploader/views/notify.php num Parameter XSS

The uploader WordPress plugin was affected by a wp-content/plugins/uploader/views/notify.php num Parameter XSS security vulnerability...

CVE-2013-2287

The CVE-2013-2287 issue affects WordPress Uploader Plugin 1.0.4, specifically XSS in views/notify.php via the notify or blog parameters. The underlying vulnerability allows remote attackers to inject arbitrary scripts/HTML, with impact limited to partial integrity impact and no confidentiality/av...

Destoon Sql注入漏洞一枚（有条件）

简要描述： 过滤不严。 详细说明： 下的最新版了 在destoon\api\pay\chinabank\notify.php中 $POST = $DPOST; if!$POST exit'error'; $bank = 'chinabank'; $PAY = cacheread'pay.php'; if!$PAY$bank'enable' exit'error'; //这里 必须要启用了这个支付方式才行 if!$PAY$bank'keycode' exit'error'; $key = $PAY$bank'keycode'; $void =trim$POST'void'; $vpmode...