Lucene search
+L

67 matches found

CVE
CVE
added 2018/11/25 8:0 p.m.626 views

CVE-2018-19520

CVE-2018-19520 targets SDCMS 1.6 on PHP 5.x. The admin path app/admin/controller/themecontroller.php uses a check_bad function intended to block certain PHP functions (e.g., eval) but does not block preg_replace with the /e/ modifier, enabling an attacker with admin template access to execute arb...

8.8CVSS8.9AI score0.02917EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2018/11/25 8:0 p.m.41 views

CVE-2018-19520

An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a checkbad function in an attempt to block certain PHP functions such as eval, but does not prevent use of pregreplace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin...

9.3AI score0.02917EPSS
Exploits1References2
Prion
Prion
added 2018/05/12 4:29 a.m.13 views

Cross site request forgery (csrf)

An issue was discovered in SDcms v1.5. Cross-site request forgery CSRF vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=admin&c=admin&a=add...

6.8CVSS8.7AI score0.0058EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/05/12 4:29 a.m.7 views

CVE-2018-11004

An issue was discovered in SDcms v1.5. Cross-site request forgery CSRF vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=admin&c=admin&a=add...

8.8CVSS5.8AI score0.0058EPSS
Exploits1References1
NVD
NVD
added 2018/05/12 4:29 a.m.18 views

CVE-2018-11004

An issue was discovered in SDcms v1.5. Cross-site request forgery CSRF vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=admin&c=admin&a=add...

8.8CVSS8.8AI score0.0058EPSS
Exploits1References1
CVE
CVE
added 2018/05/12 4:0 a.m.43 views

CVE-2018-11004

SDcms v1.5 is affected by a Cross-Site Request Forgery (CSRF) in /WWW//app/admin/controller/admincontroller.php that allows a remote attacker to add administrator accounts via m=admin&c=admin&a=add. The issue is identified as CVE-2018-11004. Impact, per the provided data, includes potential unaut...

8.8CVSS8.7AI score0.0058EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/05/12 4:0 a.m.21 views

CVE-2018-11004

An issue was discovered in SDcms v1.5. Cross-site request forgery CSRF vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=admin&c=admin&a=add...

8.8AI score0.0058EPSS
Exploits1References1
CNVD
CNVD
added 2017/09/05 12:0 a.m.1 views

SQL Injection Vulnerability in SDCMS v1.1 Frontend Message Boards

SDCMS is a PHP 3-in-1 website management system independently developed by Fireworks Network. SDCMS v1.1 version of the foreground message board there are SQL injection vulnerabilities, attackers can use the vulnerability to obtain sensitive database information...

7.8AI score
Exploits0
CNVD
CNVD
added 2017/08/16 12:0 a.m.4 views

Code Execution Vulnerability in SDCMS Version 1.1

SDCMS is a PHP 3-in-1 website management system independently developed by Fireworks Network. There is a code execution vulnerability in SDCMS V1.1, which can be exploited by attackers to execute code and gain administrative privileges...

8AI score
Exploits0
CNVD
CNVD
added 2017/06/20 12:0 a.m.2 views

Code Execution Vulnerability in SDCMS Frontend

SDCMS is a PHP 3-in-1 website management system independently developed by Fireworks Network. A code execution vulnerability exists in the frontend of SDCMS. An attacker can exploit this vulnerability to elevate user privileges...

7.6AI score
Exploits0
CNVD
CNVD
added 2017/06/20 12:0 a.m.2 views

SDCMS Search Box SQL Injection Vulnerability

SDCMS is a PHP 3-in-1 website management system independently developed by Fireworks Network. An SQL injection vulnerability exists in the SDCMS search box. The vulnerability stems from failure to filter user input. An attacker can exploit this vulnerability to obtain sensitive information from t...

7.6AI score
Exploits0
seebug.org
seebug.org
added 2017/05/02 12:0 a.m.22 views

SDCMS arbitrary file read vulnerability

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2017/05/02 12:0 a.m.23 views

SDCMS front Desk arbitrary file deletion vulnerability

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2017/05/02 12:0 a.m.20 views

SDCMS attachment management plugin arbitrary file deletion vulnerability

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/12/21 12:0 a.m.61 views

SDCMS大量网站存在弱口令#Getshell方法

简要描述: RT 详细说明: SDCMS大量网站存在弱口令 默认后台 admin/login.asp 弱口令 admin admin、admin admin888、sdcms sdcms、admin 123456 随便找了个政府站 http://www.qhxjcy.gov.cn/admin/ sdcms sdcms 进后台选择--界面 接着 模板管理----管理模板 选择 sdcmsindex.asp 并插入asp一句话 访问http://www.qhxjcy.gov.cn/index.asp img...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/07/20 12:0 a.m.48 views

SDCMS论坛存在高危漏洞可getshell,影响其大量系统

简要描述: shell 详细说明: 论坛存在解析漏洞,可利用该漏洞getshell 漏洞证明: 该论坛为aspx类型的论坛,但还可以做php容器可以执行php文件,且存在php解析漏洞。。然后就没有然后了。。。 找到论坛需要注册码:http://bbs.sdcms.cn/,十块钱一个。。。。 屌丝买不起,找到一个手机号昵称的用户:15837309973,手机号当用户名和密码居然登进去了。。 在头像上传处直接上传一张图片马,找到路径:http://bbs.sdcms.cn/max-temp/avatar/28a1ddde7e6a4ecbaf56e54ad06a3406.jpg...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/03/10 12:0 a.m.37 views

SDCMS 最新门户版 V3.0 储存型xss一枚 可盲打后台

简要描述: 严谨的说 是编辑器xss储存型漏洞 详细说明: 虚拟主机搭建测试: 需要条件: 开启会员注册默认开启 开启投稿功能(默认开启) 下载地址: http://www.sdcms.cn/product/portal.html 默认 开启会员注册 无需审核 原本想在demo上测试的 但是他开启审核了 ---------------------------------------- 注册个会员 找到在线投稿 选择文章模型 远程上传地址处 插入: " 提交 img...

7.1AI score
Exploits0
myhack58
myhack58
added 2013/12/09 12:0 a.m.17 views

SDCMS somewhere stored xss can hijack administrator-vulnerability warning-the black bar safety net

SDCMS somewhere storage typexss, you can cross into the background directly hijack the administrator The problem or in the short message. Before SDCMS short message exists atxsscan be directly hijack any given user, the Modify bug, but not fix completely, this time to a more ruthless, directly...

0.9AI score
Exploits0
seebug.org
seebug.org
added 2013/09/04 12:0 a.m.22 views

SDCMS多处csrf+xss等于管理员

简要描述: SDCMS整个应用都没有防御csrf,结合xss等于管理员了,最新版的也一样 详细说明: 这里主要讲csrf,因为整个应用都没有防御csrf,所以我就挑基础危害较大的吧。 1、添加管理员处: 然后来添加管理员: 抓包,看看添加管理员的请求内容: 然后我们构造好这个添加管理员的表单请求: None 然后把这个csrf.html放到另外一个服务器上x.x.20.199上,利用xss: WooYun: SDCMS某处存储型xss可劫持管理员 然后我们来访问这个短消息,并抓个包看看: https://images.seebug.org/...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2013/09/04 12:0 a.m.17 views

SDCMS某处存储型xss可劫持管理员

简要描述: SDCMS某处存储型xss,可跨进后台直接劫持管理员 详细说明: 问题还是在短消息处。 之前SDCMS短消息处存在xss可以直接劫持任意指定用户,这个bug修改了,但是没有修复完全,这次来个更狠的,直接劫持管理员账户。 首先,我们发送短消息给任意存在的用户,这里我们用222222给111111账户发消息: 然后再后台看看: 打开我们刚才发给111111用户的消息,在短消息的内容处,触发xss: 同样可以劫持到完整cookie: 所以,只要我们给消息起一个引人注目的标题,管理员登陆后只要打开此消息查看,就会被劫持,利用起来也很顺利的吧 漏洞证明: 见详细说明...

7.1AI score
Exploits0
Rows per page
Query Builder