2 matches found
in flatcore/flatcore-cms
Description: Use of incorrect operator == and != for pagepsw. Proof of Concept: If my actual page password is 240610708 then an attacker can key in QLTHNDT because: md5(240610708) = 0e462097431906509019562988736854; md5(QLTHNDT) = 0e405967825401955372549139051580. And PHP will evaluate...
iG Shop 1.0 (eval/sql injection) Multiple Remote Vulnerabilities
No description provided by source. "If eval is the answer, then you are asking the wrong question." --Unknown. ig-shop suffers from two evals that can be controlled by an attacker: http://127.0.0.1/igshop/cart.php?action=;phpinfo;// ./cart.php line 692: eval("cart$action;");...