CVE-2018-8966

An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo call into /inc/config.php...

XRms 1.99.2 - Remote File Inclusion / Cross-Site Scripting / Information Gathering

XMRS Multiple Vulnerabilities ZeroDay at 25-07-2008 Author: AzzCoder [email protected] Product: http://www.xrms.org/ Product Type: CRM Thanks: coresecurity.com Remote File Inclusion File: activities/workflow-activities.php Variable: $includedirectory Required registerglobals: Yes XSS Multiple...