PHPCMS latest version authkey leakage vulnerability
PHPCMS is a content management system. The latest version of PHPCMS has an authkey leak vulnerability: with the authkey and the encryption and decryption functions that ship with the CMS, an attacker can encrypt data of their own, change passwords, and also perform injection...
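Sensitive information leak + SQL injection on a Yonyou business site
Brief description: Sensitive information leak + SQL injection on a Yonyou business site. Detailed description: Yonyou Seentao: http://home.seentao.com/ http://seentao.yonyou.com/ Built on phpcms and affected by the authkey disclosure vulnerability; once you have the key, you can do whatever you want. WooYun: PHPCMS latest version authkey leak allows injection and getting a shell. Proof of vulnerability: Testing only: web server operating system: Windows web application technology: PHP 5.3.29, Apache 2.4.10 back-end DBMS: MySQL 5.0...
phpcms has a stored XSS
Brief description: phpcms has a stored XSS. Detailed description: I have successfully registered, username Z4lx, password qwe123. Then click Publish next to My Information; I have already written and published a random message here, any message will do. After publishing, click My Information, then click Edit, enter the code ';alert'Z4l in the mobile phone number field, then click Save, then click View Location, and the popup fires successfully. Anyone who visits this page and views the location will get the popup http://demo.phpmps.com/view.php?id=110 Proof of vulnerability: Proven...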
phpcms front-end arbitrary code execution (PHP must be lower than 5.3) - vulnerability warning - the black bar safety net
In phpcms v9 the string2array function uses the eval function, which may cause code execution vulnerabilities in more than one place. /phpssoserver/phpcms/libs/functions/global.func.php: Converts a string to an array @param string $data the string @return array returns the array...
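PHPCMS V9 /phpcms/modules/vote/index.php code execution vulnerability
Affected versions: phpcms v9.5.8. Vulnerability analysis: Every operation in the hpsso/index.php file has a serious injection problem. The constructor of this class first calls its parent constructor, which uses the authkey to decode the data passed in via POST. The decoded contents of data then serve as the basis for operations such as registering, logging in and deleting users, and all of these operations use that data in database query statements. This issue was actually in XXX's "PHPCMS V9...
PHPCMS V9 /phpsso_server/phpcms/modules/phpsso/index.php SQL injection vulnerability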
/api/getmenu.php function ajax_getlist() { $cachefile = $_GET['cachefile']; $cachefile = str_replace(array('/', '//'), '', $cachefile); //$cachefile = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S', '', $cachefile); $path = $_GET['path']; $path = str_replace(array('/', '//'), '', $path); //$path =...
PHPCMS Arbitrary Code Execution Vulnerability
PHPCMS is an open source content management system. An arbitrary code execution vulnerability exists in the front-end of PHPCMS, which allows attackers to exploit this vulnerability to execute arbitrary code...
phpcms background arbitrary code execution vulnerability
phpcms is an open source content management system. An arbitrary code execution vulnerability exists in the phpcms backend: the phpcms source code uses the string2array function in many places, and the function's parameters are directly executed by eval, so as long as there is a call to the...
phpcms latest version SQL injection a gold-bug warning-the black bar safety net
Brief description: phpcms SQL injection (the latest version tested). Detailed description: Vulnerability file code area /caches/cachesmodel/cachesdata/contentinput.class.php function image$field, $value $value = removexssstrreplacearray"'",'"','','',",$value; return trim$value; The filter is not in...
PHPCMS V9 one pleases vulnerability-vulnerability warning-the black bar safety net
Brief description: I don't know how to describe this vulnerability; anyway, in most cases you can do many things. Website registration is not on, it is not the official website demo. Detailed description: When you install phpcms, you are forced to install its pass...
phpcms avatar upload vulnerability and the subsequent impact-vulnerability warning-the black bar safety net
Summer vacation writing articles, recent blog didn't dry, issued to entertainment. In response to the love of pot Mramydnei, the line masters of Somali pirates, the fd cattle(/fd's call for the establishment of the parsec team, and fellow teachers over the years of my education, I want to write...
phpCMS 1.1.7 include/class.layout_phpcms.php PHPCMS_INCLUDEPATH Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/21768/info phpCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the...
phpCMS 1.1.7 include/class.search_phpcms.php PHPCMS_INCLUDEPATH Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/21768/info phpCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the...
phpCMS 1.1.7 include/class.lib_indexer_universal_phpcms.php PHPCMS_INCLUDEPATH Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/21768/info phpCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the...
phpCMS 1.1.7 include/class.http_indexer_phpcms.php PHPCMS_INCLUDEPATH Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/21768/info phpCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the...
phpcms 9.0 - Blind SQL Injection Vulnerability
No description provided by source. ================================================================= phpcms V9 BLind SQL Injection Vulnerability ================================================================= Software: phpcms V9 Vendor: www.phpcms.cn Vuln Type: BLind SQL Injection Download link...
phpCMS 1.1.7 include/class.parser_phpcms.php PHPCMS_INCLUDEPATH Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/21768/info phpCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the...
phpCMS 1.1.7 include/class.edit_phpcms.php PHPCMS_INCLUDEPATH Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/21768/info phpCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the...
PHPCMS 1.1/1.2 Cross-Site Scripting Vulnerability
No description provided by source...
Phpcms 2008 SQL Injection Vulnerability
No description provided by source. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-In The Name Of Allah The Mercifull-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Tybe: REMOTE SQL iNJECTioN Vendor: www.phpcms.cn + Software: Phpcms 2008 V2 + author: R3d-D3v!L + TEAM: Xp10hACKEr & 403-T3AM ? contact:...