Electrum 参数注入漏洞

Electrum is an electronic bitcoin wallet. A security vulnerability exists in versions of Electrum prior to 4.2.2 that stems from paymentrequest.py allowing the use of a file protocol URL file:// in the r parameter of a payment request. On Windows, this could lead to capturing credentials via SMB...

CVE-2021-30114

Web-School ERP V 5.0 contains a cross-site request forgery CSRF vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request using admin privilege...