104 matches found
Command Execution Vulnerability in vaeThink
vaeThink is a lightweight, high-speed PHP content management framework built on Layui and tp5. vaeThink suffers from a command execution vulnerability that can be exploited by attackers to gain server privileges...
TPCMF has an XSS vulnerability
TPCMF is a content management framework developed based on PHPCMF. TPCMF has an XSS vulnerability that can be exploited by attackers to obtain sensitive information such as user cookies...
CVE-2018-20166
A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP content if the first few characters match GIF data, and the filename ends in ".php" with mixed...
Unrestricted file upload
A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP content if the first few characters match GIF data, and the filename ends in ".php" with mixed...
CVE-2018-20012
PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI...
PHPCMS ty***.php file suffers from a code injection vulnerability
PHPCMS is a web content management system based on PHP and MySQL architecture. The system includes modules such as news, pictures, downloads, information and products. A code injection vulnerability exists in the PHPCMS ty.php file. An attacker can exploit the vulnerability to write arbitrary...
PHP7CMS frontend Se***.php file has SQL injection vulnerability
PHP7CMS is a content management system newly developed by Chunjie studio using PHP7 technology. A SQL injection vulnerability exists in the PHP7CMS frontend Se.php file. Attackers can use the vulnerability to obtain sensitive database information...
PT-2018-12490 · Phpcms · Phpcms
Name of the Vulnerable Software and Affected Versions: PHPCMS version 9.6.0 Description: The issue allows remote attackers to upload and execute arbitrary PHP code. This can be achieved by sending a .txt?.php.jpg URI in the SRC attribute of an IMG element within infocontent JSON data to the...
CVE-2017-9674
In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?returnurl=XSS exploitable as a regular or admin user...
CVE-2016-9836
The file scanning mechanism of JFilterInput::isFileSafe in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the .php6, .php7, .phtml, and .phpt extensions. Additionally,...
PHPCMS V9 has a design flaw
PHPCMS is a content management system. A design vulnerability exists in the uc function under PHPCMS V9 yoursite\phpssoserver\phpcms\modules\admin\system.php, which can be exploited by attackers to gain control of the web server...
SQL Injection Vulnerability in hdcms Framework rname Parameter
HDCMS is a content management system package written in PHP. A SQL injection vulnerability exists in the rname parameter of the hdcms framework, as the program fails to adequately filter the rname parameter and only does corresponding code auditing on the source code. An attacker is allowed to...
GeniXCMS 0.0.1 - Multiple Vulnerabilities
Exploit for php platform in category web applications GeniXCMS v0.0.1 Remote Unauthenticated SQL Injection Exploit Vendor: MetalGenix Product web page: http://www.genixcms.org Affected version: 0.0.1 Summary: GenixCMS is a PHP Based Content Management System and Framework CMSF. It's a simple and...
Croogo 2.0.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Croogo 2.0.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities. XSS 1: POST parameters: dataContacttitle. input type="hidden" name="dataTokenkey" value="...
Pointter PHP Content Management System Unauthorized Privilege Escalation
No description provided by source. 'Pointter PHP Content Management System' Unauthorized Privilege Escalation CVE-2010-4332 Mark Stanislav I. DESCRIPTION: A vulnerability exists in the 'Pointter PHP Content Management System'...
NoAh <= 0.9 pre 1.2 (mfa_theme.php) Remote File Inclusion Vulnerability
No description provided by source. NoAh 0.9 The PHP Content Architect = Remote File Inclusion Vulnerability Dork:: Vuln Code ERROR:noah/modules/noevents/templates/mfatheme.php ?php include$tpls1; ? BUG: Example:http://site.com/path/noah/modules/noevents/templates/mfatheme.php?tpls1=Sh3LL Script...
PHP Content Architect 0.9 pre 1.2 MFA_Theme.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23843/info PHP Content Architect is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and...
DornCMS Application v1.4 - Multiple Web Vulnerabilities
Document Title: DornCMS Application v1.4 - Multiple Web Vulnerabilities. References Source: http://www.vulnerability-lab.com/getcontent.php?id=1113 Release Date: 2013-10-13 Vulnerability Laboratory ID VL-ID: 11...
Fedora Update for drupal7 FEDORA-2012-20794
Check for the Version of drupal7. OpenVAS Vulnerability Test: Fedora Update for drupal7 FEDORA-2012-20794. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
S40 CMS 0.4.2b Local File Inclusion
Security Advisory Details: 07/04/2001 Script S40 CMS 0.4.2 Beta Location http://s40.biz/?p=download Vulnerability Local File Inclusion Original Adv http://y-osirys.com/security/exploits/id27 Author Giovanni Buzzin, "Osirys" Site y-osirys.com Contact osirysatautisticidotorg...