266 matches found
UCMS suffers from a file upload vulnerability (CNVD-2020-69467)
UCMS is a content management system written in PHP. UCMS has a file upload vulnerability that can be exploited by an attacker to gain control of the server...
Stored Cross-Site Scripting Vulnerability in Nethub CMS PHP Version
OTCMS Nettie CMS is an article-based web content management system (CMS). A stored cross-site scripting vulnerability exists in the PHP version of OTCMS. An attacker can exploit the vulnerability to obtain sensitive information such as user cookies...
Debian: Security Advisory (DLA-2311-1)
The remote host is missing an update for the Debian...
Debian DLA-2311-1 : zabbix security update
It was discovered that there was a potential cross-site scripting vulnerability via iframe HTML elements in Zabbix, a PHP-based monitoring system. For Debian 9 'Stretch', this problem has been fixed in version 1:3.0.7+dfsg-3+deb9u1. We recommend that you upgrade your zabbix packages. For the...
SQL Injection Vulnerability in IBOS Office (CNVD-2020-41794)
IBOS is a collaborative office management system developed in PHP. The IBOS office system suffers from an SQL injection vulnerability, which can be exploited by attackers to gain access to sensitive database information...
Complaint Management System 1.0 - Authentication Bypass Vulnerability
Exploit for PHP platform in category web applications. Exploit Title: complaint management system 1.0 - Authentication Bypass; Exploit Author: BKpatron; Vendor Homepage: https://www.sourcecodester.com/php/14206/complaint-management-system.html; Software Link:...
ZZZphp sa***.php page sl*** parameter has SQL injection vulnerability
ZZZphp is a free, open source building system based on PHP and MySQL. An SQL injection vulnerability exists in the sl parameter of the ZZZphp sa.php page; an attacker can exploit it to obtain sensitive database information...
CMSimple has a code execution vulnerability
CMSimple is a small PHP-based web content management tool. A code execution vulnerability exists in CMSimple that can be exploited by an attacker to execute arbitrary code...
imcat SQL Injection Vulnerability
imcat is a PHP-based open source website building system. An SQL injection vulnerability exists in imcat version 4.9. The vulnerability stems from the lack of validation of externally supplied SQL statements in database-based applications, which can be exploited by attackers to execute illegal SQL...
PHKP 'pgp_exec()' function command injection vulnerability
PHKP is a PHP-based implementation of the OpenPGP HTTP secret key server protocol. A command injection vulnerability exists in the 'pgp_exec' function of the phkp.php file in PHKP. The vulnerability stems from a network system or product not properly filtering special elements of externally entere...
SQL Injection Vulnerability in Seacms v9.9
SeaCMS is a video-on-demand system based on PHP+MySql technology. Seacms v9.9 suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
SQL Injection Vulnerability in deituiCMS
deituiCMS is a PHP-based open source content management system. A SQL injection vulnerability exists in deituiCMS, which can be exploited by attackers to obtain sensitive database information...
MicroChat Cross-Site Scripting Vulnerability
MicroChat is a PHP-based chat script. A cross-site scripting vulnerability exists in MicroChat. An attacker can exploit the vulnerability to conduct cross-site scripting attacks...
File upload vulnerability in PHPOK pl***.php
PHPOK is an enterprise website CMS developed in PHP and MySQL. A file upload vulnerability exists in PHPOK pl.php, which can be exploited by attackers to gain control of a web server...
F3-CMS FatFreeFramework 0.0.1 Database Disclosure
Exploit Title: F3-CMS FatFreeFramework 0.0.1 Database Disclosure; Author (Discovered By): KingSkrupellos; Team: Cyberizm Digital Security Army; Date: 14/02/2019; Vendor Homepage: f3cms.ca, fatfreeframework.com; Software Download Link: github.com/vijinho/f3-cms/archive/dev-master.zip; Software...
imcat information disclosure vulnerability (CNVD-2019-00972)
imcat is a PHP-based open source website building system. A security vulnerability exists in imcat version 4.4. An attacker can exploit the vulnerability to leak the full path via the ev.php?tools-ipaddr&api=Pcoln&uip= URI...
Command Execution Vulnerability in Thunderwind Movie LFCMS v3.8.6
LFCMS is a film and television content management system developed in PHP and based on the ThinkPHP framework, suitable for all kinds of video, film and television websites. LFCMS v3.8.6 has a command execution vulnerability that stems from the failure to filter cached data; an attacker...
SQL Injection Vulnerability in GreenCMS
GreenCMS is a ThinkPHP-based content management system. GreenCMS suffers from a SQL injection vulnerability that can be exploited by attackers to obtain sensitive information...
EasyService Billing Cross-Site Request Forgery Vulnerability
EasyService Billing is a PHP-based service-oriented consumer business management system. A cross-site request forgery vulnerability exists in EasyService Billing version 1.0. A remote attacker can exploit this vulnerability to perform unauthorized operations with...
LvyeCms v3.1 has an arbitrary file write vulnerability
LvyeCms (旅烨cms) is a PHP content management system based on ThinkPHP. An arbitrary file write vulnerability exists in LvyeCms v3.1 because the system fails to fully filter the incoming file content and path parameters. An attacker can use this vulnerability to upload Trojan...