6 matches found
PHPOKCMS has a logical design flaw
PHPOKCMS is an enterprise website CMS developed in PHP and MySQL. A logical design vulnerability exists in PHPOKCMS. Attackers can log in to other accounts by capturing packets and brute-forcing the CAPTCHA...
PHPOKCMS SQL Injection Vulnerability
PHPOKCMS is an enterprise website CMS developed in PHP and MySQL. PHPOKCMS suffers from an SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive database information...
Code Execution Vulnerability in PHPOKCMS
PHPOKCMS is an enterprise website CMS developed in PHP and MySQL. PHPOKCMS suffers from a code execution vulnerability. An attacker can exploit this vulnerability by uploading a Trojan horse through the program upgrade/zip package upgrade function to gain server privileges...
File Upload Vulnerability in PHPOKCMS Version 4.9.015
PHPOKCMS is an enterprise website CMS developed in PHP and MySQL. A file upload vulnerability exists in PHPOKCMS version 4.9.015. An attacker can exploit this vulnerability to write arbitrary files and obtain webmaster privileges...
Arbitrary File Download Vulnerability in the PHPOKCMS Backend
PHPOKCMS is an enterprise website CMS developed in PHP and MySQL. An arbitrary file download vulnerability exists in the backend of PHPOKCMS V4.8. Attackers can use the vulnerability to download any file...
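phpokcms 4.x CSRF vulnerability
Brief description: Wormable; can add a system administrator. Details: phpokcms has a CSRF vulnerability; when an administrator views the member list, a new system administrator is added automatically without the administrator noticing. The location is the img tag of the member avatar; because news comments can display avatars, it can also spread as a worm through posted comments. Only the part that adds an administrator is demonstrated below. The code itself has been analyzed; going straight to the PoC. Proof of vulnerability: After registering as a member, open the following link. (Modify the domain and path as appropriate)...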