XSS Vulnerability in the CmsEasyQA Reward Q&A System of Siping City Jiuzhou Yitong Technology Co.

CmsEasyQA Reward Q&A System is a php Q&A system developed in PHP+MySQL. CmsEasyQA Reward Q&A System of Siping City Jiuzhou Yitong Technology Co., Ltd. has an XSS vulnerability, which can be exploited by attackers to obtain sensitive information such as user cookies...

SQL injection vulnerability in ask2 Q&A system backend (CNVD-2019-30155)

ASK2 Q&A is an open source PHP Q&A program. There is a SQL injection vulnerability in the backend of ask2 Q&A System, which can be exploited by attackers to obtain sensitive information about the database...

ask2 Q&A system front user.php file exists arbitrary user password change vulnerability

ask2 Q&A is an open source PHP Q&A program. There is an arbitrary user password change vulnerability in the ask2 Q&A System frontend user.php file. An attacker can exploit the vulnerability to directly modify the password of the administrator user...

TIPASK问答系统SQL注入二（有多个大型互联网企业案例）

简要描述： 审核真给力，刚提交就通过了 ，赞啊！！！！ 详细说明： 部分案例： 经分析下列文件存在注入 /control/message.php 代码如下 function onremovedialog if$this-post'messageauthor' $authors = $this-post'messageauthor'; $ENV'message'-removebyauthor$authors; $this-message"对话删除成功!", geturlsource; 跟进removebyauthor函数 function removebyauthor$authors...