216 matches found
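phpwcms 'preg_replace()' Multiple Remote PHP Code Injection Vulnerabilities
BUGTRAQ ID: 56964 phpwcms is an open-source content management system. phpwcms 1.5.4.6 and other versions contain multiple code injection vulnerabilities in their implementation. An authenticated remote attacker can use a "backend user", "admin user" or "backend user" account to exploit these vulnerabilities (a "frontend user" account cannot exploit them) and execute arbitrary PHP script code on the affected computer. 0 phpwcms = v1.5.4.6 Vendor patch: phpwcms ------- The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's homepage for the latest version: http://www.phpwcms.de/...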
phpwcms 1.5.4.6 Remote Code Execution
<?php /* phpwcms <= v1.5.4.6 "preg_replace" remote code execution exploit vendor: http://www.phpwcms.de/ Download: github.com/slackero/phpwcms by: aeon Well it appears there are multiple remote code execution bugs that exist in phpwcms for quite some time now. Here I will exploit one of them, but ma...
PHPWCMS 1.5.4.6 - preg_replace Multiple Vulnerabilities
PHPWCMS 1.5.4.6 - preg_replace Multiple Vulnerabilities <?php /* phpwcms <= v1.5.4.6 "preg_replace" remote code execution exploit vendor: http://www.phpwcms.de/ Download: github.com/slackero/phpwcms by: aeon Well it appears there are multiple remote code execution bugs that exist in phpwcms for quite...
PHPWCMS 1.5.4.6 - 'preg_replace' Multiple Vulnerabilities
<?php /* phpwcms <= v1.5.4.6 "preg_replace" remote code execution exploit vendor: http://www.phpwcms.de/ Download: github.com/slackero/phpwcms by: aeon Well it appears there are multiple remote code execution bugs that exist in phpwcms for quite some time now. Here I will exploit one of them, but ma...
phpwcms <= v1.5.4.6 "preg_replace" Multiple Vulnerabilities
Exploit for php platform in category web applications <?php /* phpwcms <= v1.5.4.6 "preg_replace" remote code execution exploit vendor: http://www.phpwcms.de/ Download: github.com/slackero/phpwcms by: aeon Well it appears there are multiple remote code execution bugs that exist in phpwcms for quite...
CVE-2011-3789
phpwcms 1.4.7 r412 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by template/inc_script/frontend_render/disabled/majonavi.php and certain other files...
Information disclosure
phpwcms 1.4.7 r412 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by template/inc_script/frontend_render/disabled/majonavi.php and certain other files...
CVE-2011-3789
The CVE-2011-3789 entry concerns phpwcms 1.4.7 r412, where remote attackers can disclose sensitive information by directly requesting certain PHP files (e.g., template/inc_script/frontend_render/disabled/majonavi.php), causing error messages to reveal the installation path. The connected sources ...
CVE-2011-3789
phpwcms 1.4.7 r412 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by template/inc_script/frontend_render/disabled/majonavi.php and certain other files...
phpwcms v1.4.7 XSRF Vulnerability (Add Admin User)
Exploit for php platform in category web applications + Exploit Title: phpwcms v1.4.7 XSRF Vulnerability (Add Admin User) + Author : ^Xecuti0n3r + E-mail : xecuti0n3ryahoo.com + Category : Web Apps XSRF + Dork : intext:"phpwcms Copyright" + Download Link :...
phpwcms 1.4.7 Cross Site Request Forgery
Exploit Title: phpwcms v1.4.7 XSRF Vulnerability (Add Admin User) + Author : ^Xecuti0n3r + E-mail : xecuti0n3ryahoo.com + Category : Web Apps XSRF + Dork : intext:"phpwcms Copyright" + Download Link : http://phpwcms.googlecode.com/files/phpwcmsr412.zip + PHPCMS Official website :...
phpwcms Detection
The remote web server hosts phpwcms, a web-based content management system written in PHP. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(48202); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/01"); script_name(english:"phpwcms...
phpwcms 1.4.5 Cross Site Request Forgery / Cross Site Scripting
================================== Vulnerability ID: HTB22475 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinphpwcms.html Product: phpwcms Vendor: Oliver Georgi http://www.phpwcms.de/ Vulnerable Version: 1.4.5 and Probably Prior Versions Vendor Notification: 01 July 2010 Vulnerabili...
XSRF (CSRF) in phpwcms
Vulnerability ID: HTB22476 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinphpwcms.html Product: phpwcms Vendor: Oliver Georgi http://www.phpwcms.de/ Vulnerable Version: 1.4.5 and Probably Prior Versions Vendor Notification: 01 July 2010 Vulnerability Type: CSRF Cross-Site Request Forgery...
XSS vulnerability in phpwcms
Vulnerability ID: HTB22475 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinphpwcms.html Product: phpwcms Vendor: Oliver Georgi http://www.phpwcms.de/ Vulnerable Version: 1.4.5 and Probably Prior Versions Vendor Notification: 01 July 2010 Vulnerability Type: Stored XSS Cross Site...
PHPWCMS 1.4.5 - PHPwcms.php Cross-Site Scripting
PHPWCMS 1.4.5 - PHPwcms.php Cross-Site Scripting source: https://www.securityfocus.com/bid/41720/info phpwcms is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
PHPWCMS 1.4.5 - 'PHPwcms.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/41720/info phpwcms is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of th...
Multiple Vulnerabilities in phpwcms
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in phpwcms which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerability in phpwcms The vulnerability exists due to input sanitation error ...
PHPWCMS 1.4.5 r398 Cross Site Request Forgery
PHPWCMS 1.4.5 r389 Cross Site Request Forgery function myfunc var frm = document.getElementById"csrf"; frm.submit; window.onload = myfunc; input type="hidden"...
CSRF in PHPWCMS 1.4.5
<?php /* Exploit Title: PHPWCMS Cross-Site Request Forgery Vulnerability Date: 06/16/2010 Author: Jeremiah Talamantes Software Link: http://phpwcms.googlecode.com/files/phpwcmsr398.zip Version: 1.4.5 r398 Tested on: WinXP SP2 EN on WAMP 2.0 CVE: N/A Jeremiah Talamantes RedTeam Security RedTeam Labs...