19 matches found
EUVD-2025-4505
Malicious code in bioql PyPI...
EUVD-2025-4456
Malicious code in bioql PyPI...
CVE-2025-25960
Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator...
CVE-2025-25958
Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via a crafted script...
CVE-2025-25958
Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via a crafted script...
CVE-2025-25958
Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via a crafted script...
CVE-2025-25960
Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator...
PT-2025-7590 · Phpcmsv9 · Phpcmsv9
Name of the Vulnerable Software and Affected Versions: phpcmsv9 version 9.6.3 Description: The issue allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator. This is a Cross-Site Scripting issue. Recommendations: For phpcmsv9...
PT-2025-7589 · Phpcmsv9 · Phpcmsv9
Name of the Vulnerable Software and Affected Versions: phpcmsv9 version 9.6.3 Description: Cross Site Scripting vulnerabilities in phpcmsv9 allow a remote attacker to escalate privileges via a crafted script. Recommendations: For phpcmsv9 version 9.6.3, update to a version that fixes the Cross Si...
CVE-2025-25960
Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator...
CVE-2025-25960
CVE-2025-25960 is a Cross Site Scripting vulnerability affecting phpcmsv9 v9.6.3. The issue allows a remote attacker to escalate privileges via the member center’s menu interface in the background administrator. Reported impact is a partial privilege escalation with low confidentiality/integrity ...
CVE-2025-25960
Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator...
CVE-2025-25958
Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via a crafted script...
CVE-2025-25958
This CVE (CVE-2025-25958) affects phpcmsv9 v9.6.3 and is a Cross Site Scripting vulnerability that allows a remote attacker to escalate privileges via a crafted script. The vulnerability is documented across multiple sources (NVD, Red Hat, CNNVD, CVE lists) with the root cause described as XSS in...
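SQL injection vulnerability in a Yonyou financial site
Brief description: Not asking for gifts, just for rank. Details: The site is https://www.yonyoufinancial.com and it has the PHPcmsV9 referer injection vulnerability. Used an exp to obtain the administrator account and password: Then I felt there was too little to get, so I ran sqlmap against it: Unfortunately it is not root privilege, otherwise I would have written a shell directly~ Exp link (from the blog of 独自等待): http://www.waitalone.cn/phpcmsv9-posterclick-injection-exp.html Proof of vulnerability: As above...
PHPCMSv9 add_favorite.php SQL injection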
No description provided by source...
phpcms v9 arbitrary file read vulnerability exp-vulnerability warning-the black bar safety net
? php / PHPcms V9 arbitrary file read vulnerability Detection Tool @author the Return of the Blog: www.creturn.com Email: [email protected] Note that this program is for learning and reference only and shall not be used for illegal purposes; otherwise you bear the consequences yourself, and I am not responsible! /...
PhpcmsV9 arbitrary user password modification logic vulnerability-vulnerability warning-the black bar safety net
I actually sent the first vulnerability, see Tick: PhpcmsV9 SQL injection, 2013 New Year, the first. Mentioned pass code: parse_str(sys_auth($_POST['data'], 'DECODE', $this->applist[$this->appid]['authkey']), $this->data); In phpsso_server/phpcms/modules/phpsso/classes/phpsso.class.php. I leave it up to yo...
PhpcmsV9 SQL injection, 2013 New Year, second-vulnerability warning-the black bar safety net
Brief description: The second one has arrived as promised. Thank you for your attention. The second one uses an unrestricted SQL injection; in the end you can modify any user's password. I recommend confirming the security hazard rating as high. Tomorrow I will update with the next vulnerability. Detaile...