371 matches found
PHPCMS V9 urlrule.php file SQL injection vulnerability
PHPCMS is a web content management system based on PHP and Mysql architecture. The system includes modules such as news, pictures, downloads, information and products. A SQL injection vulnerability exists in the PHPCMS V9 urlrule.php file, which allows attackers to exploit the vulnerability to...
PHPCMS V9 role.php file SQL injection vulnerability
PHPCMS is a web content management system based on PHP and Mysql architecture. The system includes modules such as news, pictures, downloads, information and products. A SQL injection vulnerability exists in the PHPCMS V9 role.php file, which allows attackers to exploit the vulnerability to obtai...
PHPCMS V9 badword.php file SQL injection vulnerability
PHPCMS is a web content management system based on PHP and Mysql architecture. The system includes modules such as news, pictures, downloads, information and products. A SQL injection vulnerability exists in the PHPCMS V9 badword.php file, which allows attackers to exploit the vulnerability to...
PHPCMS V9 member_group.php file SQL injection vulnerability
PHPCMS is a web content management system based on PHP and Mysql architecture. The system includes modules such as news, pictures, downloads, information and products. A SQL injection vulnerability exists in the PHPCMS V9 membergroup.php file, which allows attackers to exploit the vulnerability t...
PHPCMS /phpcms/modules/video/video_for_ck.php SQL注入
No description provided by source...
phpcms后台低权限任意命令执行
No description provided by source...
phpcms v9 逻辑缺陷导致可重置任意用户密码
No description provided by source...
phpcms v9 目录穿越(遍历)漏洞
No description provided by source...
phpcms v9 后台任意文件读取(可获取authkey)
No description provided by source...
PHPCMS V9 phpsso/index.php authkey 泄露漏洞
No description provided by source...
PHPCMS /phpsso_server/phpcms/modules/phpsso/index.php任意代码执行
No description provided by source...
PHPCMS v9.6.0 SQL注入漏洞
No description provided by source...
Multiple vulnerabilities in phpcms
phpcms is an open source content management system. Multiple vulnerabilities exist in phpcms. Attackers use the vulnerabilities to log into the backend of phpssoserver to obtain sensitive information...
PHPCMS后台CSRF
No description provided by source...
PHPCMS v9.5.* vote模块 命令执行
No description provided by source...
PHPCMS V9 /api.php Authkey 信息泄漏
No description provided by source...
phpcms v9用户登录处存在sql注入漏洞
password字段如果存在特殊字符,在传入到程序时仍然会被转义,而且在phpsso的login中使用的是username做数据库查询,而不是password。针对第一个问题我们可以使用二次url编码的方法来搞定,在解码之后程序还是用了parsestr对字符串进行了拆解,而这个函数还附带了解url编码的功能。所以,我们只需要在传password内容时传递%2527就可以让单引号出现在phpsso的变量中了。第二个问题也用到parsestr的功能,parsestr在解析“username=123&password=456”这样的字符串,会把它解析为:Array username=123,...
phpcms v9 /modules/phpsso/index.php SQL注入漏洞
No description provided by source...
phpcms v9 latest high-risk sql injection exp-vulnerability warning-the black bar safety net
Get the current database http://192.168.1.139:8080/phpcms/index.php?m=member&c=index&a=login post: forward=http%253A%252F%252F192. 1 6 8. 1. 1 3 9%253A8080%252Fphpcms%252Findex. php%253Fm%253Dmember&username=phpcms&password=1 2 3 4 5 6%26username%3d%2 5 2 7%2bunion%2bselect%2b%2 5 2 7 2% 2 5 2...
用友政务官方网站存在漏洞导致authkey泄露
简要描述: 用友政务官方网站存在漏洞导致authkey泄露 详细说明: 同学在用友政务工作,闲着没事看了看他们的官方网站,顺便手贱摸了一下·· http://www.yonyougov.com/index.php?m=admin&c=index&a=login&pchash= PHPCMS V9的系统 authkey很重要,可注射拿shell...