MRCMS 安全漏洞

MRCMS is a content management system by the individual developers of marker. A security vulnerability exists in MRCMS version v3.1.2, which originates from the /file/save.do module containing an arbitrary file write vulnerability...

Design/Logic Flaw

Shell Metacharacter Injection in www/modules/save.php in FruityWifi aka PatatasFritas/PatataWifi through 2.4 allows remote attackers to execute arbitrary code with root privileges via a crafted modname parameter in a POST request. NOTE: unlike in CVE-2018-17317, the attacker does not need a valid...

CVE-2012-2075

Cross-site scripting XSS vulnerability in the Contact Save module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the access site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-2075

CVE-2012-2075 is a Cross-Site Scripting vulnerability in the Drupal Contributed module Contact Save (6.x-1.x) prior to version 6.x-1.5 . The issue arises because the module does not sufficiently filter user-submitted text, allowing a remote authenticated user with the access site-wide contact for...