544 matches found
Information Disclosure Vulnerability in ESPCMS Professional Edition
ESPCMS is a PHP MYSQL based enterprise building management system. An information disclosure vulnerability exists in ESPCMS Professional, which can be exploited by attackers to obtain sensitive information...
Command Execution Vulnerability in Oracle's Website Marketing System
Oxbridge Website Marketing System is an open source content management system, the product is based on PHP+MYSQL architecture, and can run on Windows, Linux, MacOSX, Solaris and other various platforms. Oxbones Website Marketing System has a command execution vulnerability that can be exploited b...
File Upload Vulnerability in Oracle Website Marketing System
Oxbridge Website Marketing System is an open source content management system, the product is based on PHP+MYSQL architecture, and can run on Windows, Linux, MacOSX, Solaris and other various platforms. Oxbones Website Marketing System has a file upload vulnerability that can be exploited by an...
MyuCMS suffers from an arbitrary file read vulnerability (CNVD-2021-49567)
MyuCMS front-end is built with UIkit framework, back-end is built with layui back-end framework and back-end is developed with PHP+MYSQL. MyuCMS has an arbitrary file read vulnerability that can be exploited by attackers to obtain sensitive information...
SQL Injection Vulnerability in Ai Qing Lemon CMS (CNVD-2021-50624)
Aizumi CMS is a php music website developed with php MySQL. Aizumi CMS suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
BlueCMS suffers from a command execution vulnerability (CNVD-2021-48546)
BlueCMS is a portal system applied to local classified information, the development language architecture is php mysql architecture. BlueCMS has a command execution vulnerability that can be exploited by an attacker to gain control of the server...
BlueCMS suffers from a command execution vulnerability (CNVD-2021-48545)
BlueCMS is a portal system applied to local classified information, the development language architecture is php mysql architecture. BlueCMS has a command execution vulnerability that can be exploited by an attacker to gain control of the server...
XSS Vulnerability in DHCMS
DHCMS is a content management system based on PHP and MySQL. DHCMS has an XSS vulnerability that can be exploited by attackers to obtain user cookie information...
BlueCMS suffers from SQL injection vulnerability (CNVD-2021-48548)
BlueCMS is a portal system applied to local classified information, the development language architecture is php mysql architecture. BlueCMS has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
Command Execution Vulnerability in Man City CMS
Man City CMS program is a set of CI framework for the development of the core, in the PHP + MYSQL environment running under the perfect and powerful rapid station-building system. A command execution vulnerability exists in ManCity CMS, which can be exploited by attackers to cause command executi...
GNUBOARD5 cross-site scripting vulnerability (CNVD-2021-45753)
GNUBOARD5 is a Web forum system based on PHP and MySQL. A cross-site scripting vulnerability exists in GNUBOARD5 5.3.2.8 and earlier versions. The vulnerability can be exploited to conduct cross-site scripting attacks via the act parameter in bbs/moveupdate.php...
phpwcms code injection vulnerability
phpwcms is an open source Web content management system. It is fast, easy to install and runs on any standard web server platform that supports PHP/MySQL. phpwcms suffers from a code injection vulnerability that can be exploited by attackers via /phpwcms/setup/setup.php...
Textpattern Arbitrary File Upload Vulnerability
Textpattern is a free open source content management system based on PHP and MySQL. Textpattern has an arbitrary file upload vulnerability. An attacker can use the fileinsert function in include/txpfile.php to upload arbitrary files...
Aptar CMS has a flawed logic vulnerability
Aptar CMS website management system adopts PHP+MYSQL technology, supports pseudo-static function, can generate google and baidu maps, supports custom url, keywords and description, and facilitates SEO search. Aptar CMS has a logic flaw vulnerability that can be exploited by attackers to compromis...
KuaiFanCMS Arbitrary File Read Vulnerability
KuaiFanCMS later referred to as KF using PHP5 + MYSQL as the technical basis for the development of KF using the Smarty template engine to build a site system. KuaiFanCMS V5 has a security vulnerability, the vulnerability stems from KuaiFanCMS V5 in chakanhtml.module.php file HTML url parameter...
SQL Injection Vulnerability in RPCMS (CNVD-2021-45386)
RPCMS is a lightweight content management/blogging system based on PHP MYSQL. RPCMS suffers from a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive database information...
defenselessV1 - Just Another Vulnerable Web Application
Defenseless is a vulnerable web application written in PHP/MySQL. This is the first version of this application. The purpose of this application is to create security awareness among developers and new guys in application security. It would soon be updated with with more bugs and a new vulnerable...
YXcms has a directory traversal vulnerability
YXcms is a PHP and MySQL based enterprise building content management system CMS. A directory traversal vulnerability exists in YXcms. An exploiter can use this vulnerability to traverse files on the server to obtain sensitive information...
Simple-Log Cross-Site Request Forgery Vulnerability
Simple-Log is an open source free blog system based on PHP+MySQL. A cross-site request forgery vulnerability exists in Simple-Log v1.6, which is caused by Simple-Log not adequately verifying that requests come from trusted users. The vulnerability can be exploited to gain privileges and execute...
BloofoxCMS Cross-Site Scripting Vulnerability (CNVD-2021-40550)
BloofoxCMS is a free and open source web content management system based on PHP+MySQL. A reflective cross-site scripting vulnerability exists in BloofoxCMS version 0.5.2.1. An attacker can exploit this vulnerability by using the fileurl parameter to conduct cross-site scripting attacks...