371 matches found
CVE-2011-0644
CVE-2011-0644 describes a SQL injection vulnerability in PHPCMS 2008 V2, specifically in the include/admin/model_field.class.php file. The issue can be exploited via the modelid parameter to flash_upload.php, enabling remote attackers to execute arbitrary SQL commands. Connected sources (NVD/NIST...
CVE-2011-0644
SQL injection vulnerability in include/admin/model_field.class.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the modelid parameter to flash_upload.php...
CVE-2011-0645
SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the where_time parameter in a get action...
CVE-2011-0645
CVE-2011-0645 corresponds to a SQL injection in PHPCMS 2008 V2, specifically in data.php via the where_time parameter of a get action, enabling remote arbitrary SQL execution. The vulnerability is due to improper handling of user-supplied input in the query, as reported across multiple sources (N...
phpcms 2008 V2 injection vulnerability 0day analysis-vulnerability warning-the black bar safety net
Release date: 2011-01-22 Publishing author: xhm1n9 Affected versions: Phpcms 2008 V2 Official website: Vulnerability type: SQL injection Vulnerability description: In flash_upload.php in the root directory, $modelid is not protected by single quotes and is not filtered beforehand, the presenc...
phpcms V9 BLind SQL Injection Vulnerability
================================================================= phpcms V9 BLind SQL Injection Vulnerability ================================================================= Software: phpcms V9 Vendor: www.phpcms.cn Vuln Type: BLind SQL Injection Download link:...
PHP CMS 9 Blind SQL Injection
================================================================= phpcms V9 BLind SQL Injection Vulnerability ================================================================= Software: phpcms V9 Vendor: www.phpcms.cn Vuln Type: BLind SQL Injection Download link:...
phpCMS 9.0 - Blind SQL Injection
phpCMS 9.0 - Blind SQL Injection ================================================================= phpcms V9 BLind SQL Injection Vulnerability ================================================================= Software: phpcms V9 Vendor: www.phpcms.cn Vuln Type: BLind SQL Injection Download link:...
phpCMS 9.0 - Blind SQL Injection
================================================================= phpcms V9 BLind SQL Injection Vulnerability ================================================================= Software: phpcms V9 Vendor: www.phpcms.cn Vuln Type: BLind SQL Injection Download link:...
Phpcms 2008 SQL Injection Vulnerability
Exploit for php platform in category web applications -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-In The Name Of Allah The Mercifull-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Tybe: REMOTE SQL iNJECTioN Vendor: www.phpcms.cn + Software: Phpcms 2008 V2 + author: R3d-D3v!L + TEAM: Xp10hACKEr & 403-T3AM ...
phpCMS 2008 - SQL Injection
phpCMS 2008 - SQL Injection -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-In The Name Of Allah The Mercifull-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Tybe: REMOTE SQL iNJECTioN Vendor: www.phpcms.cn + Software: Phpcms 2008 V2 + author: R3d-D3v!L + TEAM: Xp10hACKEr & 403-T3AM ? contact: Xathotmail.co.j...
phpCMS 2008 - SQL Injection
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-In The Name Of Allah The Mercifull-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Tybe: REMOTE SQL iNJECTioN Vendor: www.phpcms.cn + Software: Phpcms 2008 V2 + author: R3d-D3v!L + TEAM: Xp10hACKEr & 403-T3AM ? contact: Xathotmail.co.jp - ? Date: 17.jan.2011 ?...
PHPCMS 2008 SQL Injection
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-In The Name Of Allah The Mercifull-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Tybe: REMOTE SQL iNJECTioN Vendor: www.phpcms.cn + Software: Phpcms 2008 V2 + author: R3d-D3v!L + TEAM: Xp10hACKEr & 403-T3AM ? contact: Xathotmail.co.jp - ? Date: 17.jan.2011 ?...
phpCMS 2008 V2 - 'data.php' SQL Injection
source: https://www.securityfocus.com/bid/45913/info PHPCMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modi...
phpCMS 2008 V2 - data.php SQL Injection
phpCMS 2008 V2 - data.php SQL Injection source: https://www.securityfocus.com/bid/45913/info PHPCMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...
Phpcms 2008 query.php SQL injection vulnerability-vulnerability warning-the black bar safety net
EXP: ask/query. php? action=editanswer&dosubmit=1&pid=2&posts%6D%6 5%7 3%7 3%6 1%6 7%6 5%6 0%3D%2 8% 7 3% 6 5%6C%6 5%6 3%7 4%2 0%7 0%6 1%7 3%7 3%7 7%6F%7 2%6 4%2 0%6 6%7 2%6F%6D%2 0%7 0%6 8%7 0%6 3%6D%7 3%5F%6D%6 5%6D%6 2%6 5%7 2%2 0%7 7%6 8%6 5%7 2%6 5 %2 0%6 7%7 2%6F%7 5% 7 0% 6 9% 6 4%3D%3 1%2...
Phpcms 2008 two SQL injection vulnerabilities-vulnerability warning-the black bar safety net
Phpcms is a leading web content management system and also an open-source PHP development framework. SQL injection. In the file api/space.api.php: $arrcontent = $content->listinfo("userid='$userid'", $order, 1, 10); //line 7 The listinfo function in the file include/admin/content.class.php:...
Phpcms 2008 query.php SQL injection vulnerability and repair programme-vulnerability warning-the black bar safety net
Affected version: Phpcms 2008. Vulnerability description: In the file ask/query.php: case 'editanswer': //line 39 if($dosubmit) { if(strlen($answertext) > 10000) showmessage('answer the number of words cannot exceed 10000 characters'); $posts['message'] = $M['useeditor'] ? $answertext ...
Phpcms 2008 space.api.php SQL injection vulnerability and fix-vulnerability warning-the black bar safety net
Affected version: Phpcms 2008. Vulnerability description: Phpcms is a leading web content management system and also an open-source PHP development framework. In the file api/space.api.php: $arrcontent = $content->listinfo("userid='$userid'", $order, 1, 10); //line 7 The listinfo function in th...
Phpcms 2008 query.php SQL injection vulnerability
In the file ask/query.php: case 'editanswer': //line 39 if($dosubmit) { if(strlen($answertext) > 10000) showmessage('回答字数不能超过10000个字符'); $posts['message'] = $M['useeditor'] ? $answertext : strip_tags($answertext); $answer->edit($pid, $posts, $userid); $answer->edit is in the file ask\include\answer.class.php: function edit($id, $posts, $useri...