207 matches found
CVE-2019-10027
PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information screen...
JTBC(PHP) File Upload Vulnerability
JTBC PHP is a PHP-based open source content management system (CMS). A file upload vulnerability exists in JTBCPHP version 3.0.1.8, which can be exploited to upload arbitrary files with the help of console//console/file/manage.php?type=list URI...
CVE-2018-14940
PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large fontsize, height, and width parameters in an api.php?op=checkcode request...
SeaCMS Cross-Site Request Forgery Vulnerability (CNVD-2018-14275)
SeaCMS is a free and open source web content management system written in PHP. The system has been designed primarily to manage video-on-demand resources. A cross-site request forgery vulnerability exists in SeaCMS version 6.61. A remote attacker can exploit this vulnerability to add an...
Code Execution Vulnerability in PHPCMS v9.6.3
PHPCMS is a web content management system based on PHP and MySQL architecture. A code execution vulnerability exists in the backend of PHPCMS version v9.6.3, which can be exploited by attackers to gain server privileges...
PHPCMS V9.6.3 CSRF Vulnerability and Arbitrary File Write Vulnerability in the Backend
PHPCMS is a web content management system based on PHP and MySQL architecture. The backend of PHPCMS V9.6.3 has a CSRF vulnerability and an arbitrary file write vulnerability. Attackers can use this vulnerability to remotely write Trojan horse files to obtain web server administrative...
[SECURITY] Fedora 24 Update: drupal7-7.56-1.fc24
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure...
PHPCMS 'phpcms\modules\member\index.php' Arbitrary Password Reset Vulnerability
PHPCMS is a website management software. The software adopts modular development and supports a variety of classification methods, making it easy to design, develop and maintain personalized websites. PHPCMS 'phpcms\modules\member\index.php' has an arbitrary password rese...
PHPCMS '/phpcms/modules/member/index.php' file upload vulnerability
PHPCMS is a website management software. The software adopts modular development and supports a variety of classification methods, making it easy to design, develop and maintain personalized websites. A file upload vulnerability exists in PHPCMS...
LEPTON 2.2.2 - Remote Code Execution
LEPTON 2.2.2 - Remote Code Execution Security Advisory - Curesec Research Team 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version Link: http://www.lepton-cms.org/posts/important-lepton-2.3.0-101.php Vendor Website: http://www.lepton-cms.org/ Vulnerability Type: Co...
DornCMS v1.4 - (FileManager) Persistent XSS Vulnerability
Document Title: DornCMS v1.4 - FileManager Persistent XSS Vulnerability References Source: http://www.vulnerability-lab.com/getcontent.php?id=1885 Release Date: 2016-07-25 Vulnerability Laboratory ID VL-ID: 18...
PivotX 2.3.11 Directory Traversal
Security Advisory - Curesec Research Team 1. Introduction Affected Product: PivotX 2.3.11 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://pivotx.net/ Vulnerability Type: Directory Traversal Remote Exploitable: Yes Reported to vendor: 01/20/2016 Disclosed to public: 03/15/2016...
Grawlix 1.0.3 - Cross-Site Request Forgery
Grawlix 1.0.3 - Cross-Site Request Forgery Security Advisory - Curesec Research Team 1. Introduction Affected Product: Grawlix 1.0.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://www.getgrawlix.com/ Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 11/17/20...
Grawlix 1.0.3 - Cross-Site Request Forgery
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Grawlix 1.0.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://www.getgrawlix.com/ Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 11/17/2015 Disclosed to public: 12/21/2015 Release...
Novius 5.0.1 - Multiple Vulnerabilities
Exploit for php platform in category web applications + Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-NOVIUSOS0629.txt Vendor: community.novius-os.org Product:...
Novius OS 5.0.1-elche XSS / LFI / Open Redirect
Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-NOVIUSOS0629.txt Vendor: community.novius-os.org Product: novius-os.5.0.1-elche is a PHP...
ecommerceMajor SQL Injection Vulnerability
ecommerceMajor suffers from remote SQL injection vulnerabilities. Exploit Title : ecommercemajor ecommerce CMS SQL Injection and Authentication bypass Author : Manish Kishan Tanwar Home page Link : https://github.com/xlinkerz/ecommerceMajor Date : 22/01/2015 Discovered at : IndiShell Lab Love to ...
ecommerceMajor - SQL Injection Authentication Bypass
ecommerceMajor - SQL Injection Authentication Bypass Exploit Title : ecommercemajor ecommerce CMS SQL Injection and Authentication bypass Author : Manish Kishan Tanwar Home page Link : https://github.com/xlinkerz/ecommerceMajor Date : 22/01/2015 Discovered at : IndiShell Lab Love to : zero...
adaptcms lite 1.5 - Remote File Inclusion Vulnerability
No description provided by source. AdaptCMS Lite 1.5 Remote File Inclusion...
Parsi PHP CMS 2.0 'index.php' SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/33914/info Parsi PHP CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise...