
104 matches found

CNVD · added 2019/05/23 12:0 a.m. · 2 views

Command Execution Vulnerability in vaeThink

vaeThink is a lightweight, high-speed PHP content management framework built on Layui and tp5. vaeThink suffers from a command execution vulnerability that can be exploited by attackers to gain server privileges...

AI score: 7.5 · Exploits: 0

CNVD · added 2019/04/27 12:0 a.m. · 2 views

TPCMF has an XSS vulnerability

TPCMF is a content management framework developed based on PHPCMF. TPCMF has an XSS vulnerability that can be exploited by attackers to obtain sensitive information such as user cookies...

AI score: 6.5 · Exploits: 0

NVD · added 2019/01/02 6:29 p.m. · 19 views

CVE-2018-20166

A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP content if the first few characters match GIF data, and the filename ends in ".php" with mixed...

CVSS: 8.8 · AI score: 8.7 · EPSS: 0.0712 · Exploits: 5 · References: 2

Prion · added 2019/01/02 6:29 p.m. · 14 views

Unrestricted file upload

A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP content if the first few characters match GIF data, and the filename ends in ".php" with mixed...

CVSS: 6.5 · AI score: 8.6 · EPSS: 0.0712 · Exploits: 5 · References: 2 · Affected Software: 1

OSV · added 2018/12/10 9:29 a.m. · 4 views

CVE-2018-20012

PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI...

CVSS: 4.8 · AI score: 5.8 · EPSS: 0.00536 · Exploits: 1 · References: 2

CNVD · added 2018/11/22 12:0 a.m. · 2 views

PHPCMS ty***.php file suffers from a code injection vulnerability

PHPCMS is a web content management system based on PHP and MySQL. The system includes modules such as news, pictures, downloads, information and products. A code injection vulnerability exists in the PHPCMS ty.php file. An attacker can exploit the vulnerability to write arbitrary...

AI score: 7.8 · Exploits: 0

CNVD · added 2018/11/06 12:0 a.m. · 2 views

PHP7CMS frontend Se***.php file has SQL injection vulnerability

PHP7CMS is a content management system newly developed by Chunjie Studio using PHP7. A SQL injection vulnerability exists in the PHP7CMS frontend Se.php file. Attackers can use the vulnerability to obtain sensitive database information...

AI score: 7.9 · Exploits: 0

Positive Technologies · added 2018/07/19 12:0 a.m. · 7 views

PT-2018-12490 · Phpcms · Phpcms

Name of the Vulnerable Software and Affected Versions: PHPCMS version 9.6.0 Description: The issue allows remote attackers to upload and execute arbitrary PHP code. This can be achieved by sending a .txt?.php.jpg URI in the SRC attribute of an IMG element within infocontent JSON data to the...

CVSS: 9.8 · AI score: 9.6 · EPSS: 0.01472 · Exploits: 0 · References: 2

ATTACKERKB · added 2017/06/15 6:29 p.m. · 1 view

CVE-2017-9674

In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?returnurl=XSS exploitable as a regular or admin user...

CVSS: 5.4 · AI score: 5.4 · EPSS: 0.00656 · Exploits: 1 · References: 2

NVD · added 2016/12/05 5:59 p.m. · 16 views

CVE-2016-9836

The file scanning mechanism of JFilterInput::isFileSafe in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the .php6, .php7, .phtml, and .phpt extensions. Additionally,...

CVSS: 9.8 · AI score: 9.7 · EPSS: 0.01883 · Exploits: 2 · References: 2

CNVD · added 2016/09/19 12:0 a.m. · 2 views

PHPCMS V9 has a design flaw

PHPCMS is a content management system. A design vulnerability exists in the uc function under PHPCMS V9 yoursite\phpssoserver\phpcms\modules\admin\system.php, which can be exploited by attackers to gain control of the web server...

AI score: 7.1 · Exploits: 0 · References: 1

CNVD · added 2016/08/24 12:0 a.m. · 3 views

SQL Injection Vulnerability in hdcms Framework rname Parameter

HDCMS is a content management system package written in PHP. A SQL injection vulnerability exists in the rname parameter of the hdcms framework, as the program fails to adequately filter the rname parameter and only does corresponding code auditing on the source code. An attacker is allowed to...

AI score: 8 · Exploits: 0

0day.today · added 2015/03/10 12:0 a.m. · 21 views

GeniXCMS 0.0.1 - Multiple Vulnerabilities

Exploit for php platform in category web applications GeniXCMS v0.0.1 Remote Unauthenticated SQL Injection Exploit Vendor: MetalGenix Product web page: http://www.genixcms.org Affected version: 0.0.1 Summary: GenixCMS is a PHP Based Content Management System and Framework CMSF. It's a simple and...

AI score: 7.1 · Exploits: 0

exploitpack · added 2014/10/14 12:0 a.m. · 39 views

Croogo 2.0.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities

Croogo 2.0.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities ------------------------ XSS 1 -------- POST parameters: - dataContacttitle ------------------------ input type="hidden" name="dataTokenkey" value="...

AI score: 7 · Exploits: 0

seebug.org · added 2014/07/01 12:0 a.m. · 20 views

Pointter PHP Content Management System Unauthorized Privilege Escalation

No description provided by source. 'Pointter PHP Content Management System' Unauthorized Privilege Escalation CVE-2010-4332 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in the 'Pointter PHP Content Management System'...

CVSS: 7.5 · AI score: 0.7 · EPSS: 0.06954 · Exploits: 6

seebug.org · added 2014/07/01 12:0 a.m. · 15 views

NoAh <= 0.9 pre 1.2 (mfa_theme.php) Remote File Inclusion Vulnerability

No description provided by source. NoAh 0.9 The PHP Content Architect = Remote File Inclusion Vulnerability Dork:: Vuln Code ERROR:noah/modules/noevents/templates/mfatheme.php ?php include$tpls1; ? BUG: Example:http://site.com/path/noah/modules/noevents/templates/mfatheme.php?tpls1=Sh3LL Script...

AI score: 7.1 · Exploits: 0

seebug.org · added 2014/07/01 12:0 a.m. · 15 views

PHP Content Architect 0.9 pre 1.2 MFA_Theme.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23843/info PHP Content Architect is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and...

AI score: 7.1 · Exploits: 0

Vulnerability Lab · added 2013/10/13 12:0 a.m. · 17 views

DornCMS Application v1.4 - Multiple Web Vulnerabilities

Document Title: =============== DornCMS Application v1.4 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1113 Release Date: ============= 2013-10-13 Vulnerability Laboratory ID VL-ID: ==================================== 11...

AI score: 0.1 · Exploits: 0

OpenVAS · added 2013/01/08 12:0 a.m. · 23 views

Fedora Update for drupal7 FEDORA-2012-20794

Check for the Version of drupal7 OpenVAS Vulnerability Test Fedora Update for drupal7 FEDORA-2012-20794 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS: 6 · AI score: 7.6 · EPSS: 0.03008 · Exploits: 2 · References: 2

Packet Storm · added 2011/04/07 12:0 a.m. · 30 views

S40 CMS 0.4.2b Local File Inclusion

Security Advisory Details: 07/04/2001 Script S40 CMS 0.4.2 Beta Location http://s40.biz/?p=download Vulnerability Local File Inclusion Original Adv http://y-osirys.com/security/exploits/id27 Author Giovanni Buzzin, "Osirys" Site y-osirys.com Contact osirysatautisticidotorg...

AI score: 7.4 · Exploits: 0