EUVD-2020-14966

Malware in sbrugna...

EUVD-2022-1307

Malicious code in bioql PyPI...

Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2020-22201

phpCMS 2008 sp4 allowas remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php...

CVE-2020-22201

phpCMS 2008 sp4 allowas remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php...

CVE-2020-22201

phpCMS 2008 sp4 allowas remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php...

PT-2021-10745 · Phpcms · Phpcms

Name of the Vulnerable Software and Affected Versions: phpCMS 2008 sp4 Description: The issue allows remote malicious users to execute arbitrary php commands. This is achieved via the pagesize parameter to the "yp/product.php" endpoint. Recommendations: For phpCMS 2008 sp4, consider restricting...

phpcms 2008 product.php pagesize参数代码注射漏洞

PHPCMS是国内领先的网站管理系统，同时也是一个开源的PHP开发框架。 PHPCMS 2008在处理某些模板参数时存在安全漏洞，其yp/product.php页面的pagesize参数没有正确进行检查过滤，导致可以提交任意字符，远程攻击者可利用此漏洞执行任意命令 具体的代码触发路径是这样的： phpcms/yp/product.php中获取pagesize参数，拼接为$urlrule变量。随后将之带入yp目录下的product.html模板之中。在模板执行后，进入到get函数处理中，最后经过get-pages-pageurl函数，最终触发pageurl的如下代码： eval"$url ...