CVE-2024-25181

CVE-2024-25181 affects givanz VvvebJs 1.7.2. The issue stems from improper handling of user-supplied URLs in the file_get_contents call in save.php, enabling Server-Side Request Forgery (SSRF) and arbitrary file reading. The CVSSv3.1 base score is 9.1 (CRITICAL) with NETWORK_VECTOR, LOW attack co...

CVE-2024-25181

A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery SSRF and arbitrary file reading. The vulnerability stems from improper handling of user-supplied URLs in the "filegetcontents" function within the "save.php" file...

VvvebJs 安全漏洞

VvvebJs is a drag-and-drop website generator by Givan Personal Developers. A security vulnerability exists in VvvebJs version 1.7.2, which stems from a file upload vulnerability in save.php...

CVE-2020-19682

A Cross Site Request Forgery CSRF vulnerability exits in ZZZCMS V1.7.1 via the saveuser funciton in save.php...

Cross site scripting

Cross-site scripting XSS vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter...

Limesurvey Blind SQL Injection

Exploit Title: LimeSurvey Blind SQL injection Date: 20/02/2012 Author: TorTukiTu - OpenSphere Version: 1.91+ build 11804 Tested on: php ckeprotectedCckeprotectedC ------------------------------------------------------------------------- TorTukiTu - Killing Tortoise ,-"""-. oo./ / \ /\ /// \...