14 matches found
EUVD-2023-23692
Malicious code in bioql PyPI...
CVE-2023-1442
A vulnerability was found in Meizhou Qingyunke QYKCMS 4.3.0. It has been classified as problematic. This affects an unknown part of the file /admin_system/api.php of the component Update Handler. The manipulation of the argument downurl leads to unrestricted upload. It is possible to initiate the...
CVE-2023-1442
A vulnerability was found in Meizhou Qingyunke QYKCMS 4.3.0. It has been classified as problematic. This affects an unknown part of the file /admin_system/api.php of the component Update Handler. The manipulation of the argument downurl leads to unrestricted upload. It is possible to initiate the...
CVE-2023-1442
A vulnerability was found in Meizhou Qingyunke QYKCMS 4.3.0. It has been classified as problematic. This affects an unknown part of the file /admin_system/api.php of the component Update Handler. The manipulation of the argument downurl leads to unrestricted upload. It is possible to initiate the...
Design/Logic Flaw
A vulnerability was found in Meizhou Qingyunke QYKCMS 4.3.0. It has been classified as problematic. This affects an unknown part of the file /admin_system/api.php of the component Update Handler. The manipulation of the argument downurl leads to unrestricted upload. It is possible to initiate the...
CVE-2023-1442 Meizhou Qingyunke QYKCMS Update api.php unrestricted upload
A vulnerability was found in Meizhou Qingyunke QYKCMS 4.3.0. It has been classified as problematic. This affects an unknown part of the file /admin_system/api.php of the component Update Handler. The manipulation of the argument downurl leads to unrestricted upload. It is possible to initiate the...
CVE-2023-1442
CVE-2023-1442 affects Meizhou Qingyunke QYKCMS 4.3.0, specifically the Update Handler’s /admin_system/api.php and the downurl parameter, which enables unrestricted file upload. The vulnerability allows remote initiation and has public exploits disclosed. According to sources, the issue stems from...
CVE-2023-1442 Meizhou Qingyunke QYKCMS Update api.php unrestricted upload
A vulnerability was found in Meizhou Qingyunke QYKCMS 4.3.0. It has been classified as problematic. This affects an unknown part of the file /admin_system/api.php of the component Update Handler. The manipulation of the argument downurl leads to unrestricted upload. It is possible to initiate the...
SQL injection vulnerability in QYKCMS background fe***.php page
QYK CMS, or QYKCMS for short, is a PHP+MySql based website management system. A SQL injection vulnerability exists in the QYKCMS backend fe.php page. An attacker can exploit the vulnerability to obtain sensitive information from the database...
Code Execution Vulnerability in QYKCMS Version 4.3.2
QYKCMS is a lightweight intelligent website building system based on PHP+MySql developed by QYK. QYKCMS version 4.3.2 has a code execution vulnerability. The vulnerability stems from incoming parameters not being filtered when the configuration is modified, allowing attackers to exploit...
QYKCMS template.php page has an arbitrary file reading vulnerability
QYKCMS is a lightweight intelligent website building system based on PHP+MySql developed by QYK. The QYKCMS template.php page has an arbitrary file reading vulnerability. The vulnerability is caused by the system not effectively filtering parameters. Attackers can use the vulnerability to obtain sensitive...
Stored Cross-site Scripting Vulnerability in QYKCMS Frontend lib_post.php Page
QYKCMS is a lightweight intelligent website building system based on PHP+MySql developed by QYK. A stored cross-site scripting vulnerability exists in the QYKCMS frontend lib_post.php page. An attacker can insert malicious JS code into the page to obtain user cookies and other information, leading...
QYKCMS update.php page has an arbitrary file deletion vulnerability
QYKCMS is a lightweight intelligent website building system based on PHP+MySql developed by QYK. The QYKCMS update.php page has an arbitrary file deletion vulnerability. It allows attackers to exploit the vulnerability to delete arbitrary files, such as deleting install.lck for CMS reloading, hijacking t...
QYKCMS upfile.php page has an arbitrary file upload vulnerability
QYKCMS is a lightweight intelligent website building system based on PHP+MySql developed by QYK. The QYKCMS upfile.php page has an arbitrary file upload vulnerability. It allows attackers to exploit the vulnerability by uploading a script Trojan horse, thus controlling the server privileges...