JIZHICMS 安全漏洞

JIZHICMS is an open-source content management system developed by JIZHI Corporation in China. JIZHICMS versions 2.5.6 and earlier contained security vulnerabilities. These vulnerabilities were caused by insufficient input cleaning in the publish function of the app/home/c/UserController.php file,...

SQL Injection

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to SQL Injection via the onpublish function. An attacker can extract sensitive database contents, including user password hashes, email addresses, API keys, and...

PT-2024-21861 · Samsung · Exynos

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor Exynos versions 980, 850, 1280, 1380, and 1330 Description: An issue was discovered in the function slsi nan publish get nl params, where there is no input validation check on hal req-service specific info len coming...

Command Injection

monorepo-build is vulnerable to command injection. The vulnerability exists in the publish function in index.js which allows an attacker to inject and execute arbitrary commands...

Command Injection

Overview All versions of npm-git-publish are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an execSync call, which may allow attackers to execute arbitrary code in the system. The publish function is vulnerable through the gitRemoteUrl variable...

Cross site scripting

Cross-site scripting XSS vulnerability in the Instant Web Publish function in FileMaker Pro before 12 and Pro Advanced before 12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...