18 matches found
CVE-2025-27412 REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation
REDAXO is a PHP-based CMS. In REDAXO from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to reflected cross-site scripting (XSS) on the AddOns page. This vulnerability is fixed in 5.18.3...
CVE-2025-27411
CVE-2025-27411 concerns REDAXO, a PHP-based CMS. The vulnerability is in the mediapool/media page prior to version 5.18.3, where insufficient validation allows an arbitrary file upload. Documents consistently state that this could enable uploading and potentially executing malicious files, enabli...
FeehiCMS Arbitrary File Upload Vulnerability (CNVD-2023-58819)
FeehiCMS is a PHP-based CMS builder. FeehiCMS version 2.0.8 has an arbitrary file upload vulnerability that can be exploited by remote attackers to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component...
FeehiCMS Cross-Site Scripting Vulnerability
FeehiCMS is a PHP-based CMS builder built by an individual developer, Liufee. FeehiCMS version v2.1.1 has a security vulnerability that stems from the ability to inject carefully crafted payloads via the comment box under the single page module. No further vulnerability details are currently available...
OIC Exponent CMS Cross-Site Scripting Vulnerability (CNVD-2022-33602)
OIC Exponent CMS is a free, open source, PHP-based modular content management system (CMS) from OIC, Inc. The system supports direct editing in pages and provides user management, site configuration, content editing and other functions. Exponent CMS has a cross-site scripting vulnerability, which...
Maccms Cross-site Request Forgery Vulnerability (CNVD-2022-13188)
Maccms is a PHP-based film and television content management system (CMS). Maccms version 10 has a security vulnerability that can be exploited by an authenticated attacker to delete all users via "admin.php/admin/admin/del/ids/<id>.html"...
File upload vulnerability in PHPOK pl***.php
PHPOK is an enterprise-site CMS developed in PHP and MySQL. A file upload vulnerability exists in PHPOK pl.php, which attackers can exploit to gain control of a web server...
Jojo CMS X-Forwarded-For header SQL injection vulnerability
Affected system: Jojo CMS Jojo CMS 1.2.2 Description: BUGTRAQ ID: 59934 CVE (CAN) ID: CVE-2013-3081 Jojo CMS is an SEO-friendly, scalable, PHP-based CMS. In Jojo CMS versions before 1.2.2, the...
Icy Phoenix 2.0 Cross Site Scripting
Exploit Title: Icy Phoenix 2.0 CMS - Cross Site Scripting Vulnerability Google Dork: intext:"Powered by Icy Phoenix based on phpBB" Date: 25-09-2013 Exploit Author: syst3mf4ult Vendor Homepage: http://www.icyphoenix.com Software Link: http://www.icyphoenix.com/dload.php?action=file&fileid=178...
Kamads Classifieds 2.0 - Admin Hash Disclosure
\n"; print "\nex...........: php $argv0 http://www.target.com/V2AXHTML/admin/admin.php\n"; die; else $ch = curlinit; curlsetopt$ch,CURLOPTURL,"$argv1"; $op1 = curlsetopt$ch,CURLOPTRETURNTRANSFER,true; curlsetopt$ch,CURLOPTUSERAGENT,"Mozilla/4.0 compatible; MSIE 5.01; Windows NT 5.0";...
WebsiteBaker 2.8.1 <= Multiple Vulnerabilities
Exploit for php platform in category web applications ============================================================ WebsiteBaker 2.8.1 = Arbitrary File Upload Vulnerability ============================================================ 1. OVERVIEW WebsiteBaker 2.8.1 and lower versions are vulnerable...
1024 CMS <= 2.1.1 Blind SQL Injection Vulnerability
Exploit for unknown platform in category web applications =================================================== 1024 CMS Blind SQL Injection The RSS page rss.php is vulnerable to SQL injection. The GET variable 'id' is not sanitized correctly in the SQL query. This hole can be used for extracting...
1024CMS Blind SQL Injection Vulnerability
www.BugReport.ir AmnPardaz Security Research Team Title: 1024CMS Blind SQL Injection Vulnerability Vendor: http://www.1024cms.org/ Vulnerable Version: 2.1.1 Latest version till now Exploitation: Remote with browser Fix: N/A - Description: 1024CMS is a PHP-based CMS which uses MySQL as its backend...
[HACKATTACK Advisory 25012009] ConPresso CMS 4.07 - Session Fixation, XFS, XSS
[HACKATTACK Advisory 25012009] ConPresso CMS 4.07 - Session Fixation, XFS, XSS Details Product: ConPresso CMS 4.07 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.conpresso.de/ Vendor-Status: informed Advisory-Status: not yet published Credits Discovered by: David Vieira-Kurz...
ConPresso CMS 4.07 Session Fixation / XSS
[HACKATTACK Advisory 25012009] ConPresso CMS 4.07 - Session Fixation, XFS, XSS Details Product: ConPresso CMS 4.07 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.conpresso.de/ Vendor-Status: informed Advisory-Status: not yet published Credits Discovered by: David Vieira-Kurz...
[HACKATTACK Advisory 20081127] Social Impress CMS 1.1 - Session Fixation
HACKATTACK Advisory 3Social Impress CMS 1.1 - Session Fixation Details Product: Impress CMS Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.impresscms.info Vendor-Status: informed Advisory-Status: not yet published Credits Discovered by: David Vieira-Kurz...
auracms22-sql.txt
!/usr/bin/perl use LWP::UserAgent; use HTTP::Cookies; use Getopt::Long; ! Discovered.: DNX ! Vendor.....: http://www.auracms.org ! Detected...: 19.01.2008 ! Reported...: 25.01.2008 ! Response...: 30.01.2008 ! Background.: AuraCMS is a CMS based on PHP and SQL ! Bug........: $GET'albums' in...
phpcms 3.0.0 File Upload Vulnerability
Vulnerable files: ads/upload.php, uppic.php require PHPCMSROOT."/class/upload.php"; if!$userid message"请您先登录或注册!" , PHPCMSPATH."member/login.php"; if$extid==1 $upfiletype= "jpg|png|gif"; elseif $extid==2 $upfiletype= "swf"; if$action=='upload' $fileArr = array 'file'=$uploadfile, 'name'=$uploadfilename,...