122 matches found
PHP Path Traversal Vulnerability
PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP that arises from a lack of effective privilege-granting and access-control measures in a networked system or product...
Pluck Command Injection Vulnerability
Pluck is a content management system (CMS) developed in PHP. A security vulnerability exists in the admin backend of Pluck-4.7.10-dev2: a remote command execution vulnerability exists when uploading files...
NetArt News Lister Cross-Site Scripting Vulnerability
News Lister is a free PHP script for adding a news section to an existing website or creating a simple news site or personal blog. A stored cross-site scripting vulnerability exists in News Lister 1.0.0. An attacker can exploit the vulnerability to insert code into news headlines...
Black Ant SEMS SQL Injection Vulnerability
SemCMS is an open source website management system for foreign trade enterprises, written in PHP, that can run on Windows or Linux. Black Ant SEMCMS has a SQL injection vulnerability; attackers can exploit the vulnerability to obtain sensitive database information...
File Deletion Vulnerability in SongCMS PHP Version
SongCMS is a free, open source, enterprise-oriented CMS with multi-language support, developed on PHP + MySQL and ASP + Access/SQL Server, that helps business users quickly build and deploy enterprise-level portals. SongCMS has an arbitrary file deletion vulnerability; an attacker can exploit the...
Stored Cross-site Scripting Vulnerability in the Frontend of Guojiz Web Site Navigation System
The Guojiz website navigation system is navigation website source code developed with PHP+MySQL. A stored cross-site scripting vulnerability exists in the frontend of the Guojiz web navigation system. An attacker can exploit the vulnerability to obtain sensitive information such as user cookies...
Heybbs has a universal password login vulnerability
HEYBBS is a micro-community program with a front end based on bootstrap+jq+css and a back end developed in php+mysql. Heybbs has a universal password login vulnerability that can be exploited by attackers to obtain sensitive database information...
SQL injection vulnerability in Heybbs micro community se***.php file
Heybbs micro-community is a micro-community program with a front end based on bootstrap + jq + css and a back end developed in php + mysql. The Heybbs micro-community se.php file has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
YCCMS suffers from SQL injection vulnerability (CNVD-2020-24720)
YCCMS is a PHP version of a lightweight website building system. YCCMS has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
HuCart Enterprise Building System v5.7.7 has file upload vulnerability
HuCart is a PHP+MySQL based enterprise building system CMS that can run on various server platforms such as Linux and Windows. A file upload vulnerability exists in HuCart Enterprise CMS v5.7.7, which can be exploited by attackers to upload arbitrary files...
SQL Injection Vulnerability in Joyplus CMS ad***_aj***.php File
Joyplus CMS Joy Video is an open source video backend management system based on PHP and MySQL. The system has video resource acquisition, user feedback management, automatic address resolution, message push management and other functions. The Joyplus CMS adaj.php file has a SQL injection...
PHP Authorization Issues Vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A...
CVE-2019-19902
An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, allowing non-configuration scripts to...
Command injection
An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, allowing non-configuration scripts to...
Blue Route blog system at***.php page has arbitrary file download vulnerability
Blue Route Blog System is built with PHP+MySQL. An arbitrary file download vulnerability exists in the at.php page of the Blue Route blog system; an attacker can use the vulnerability to download arbitrary files...
CVE-2019-14771
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, potentially allowing non-configuration scripts to be uploaded to the...
CVE-2019-14771
CVE-2019-14771 affects Backdrop CMS: versions 1.12.x prior to 1.12.8 and 1.13.x prior to 1.13.3. The flaw lets an attacker upload entire-site configuration archives via the UI or CLI without validating archive contents, potentially permitting non-configuration scripts to be stored on the server. ...
Arbitrary File Deletion, Code Execution Vulnerabilities in ICMS
ICMS is a high content management system built with PHP and MySQL. ICMS suffers from arbitrary file deletion and code execution vulnerabilities. An attacker can exploit these vulnerabilities to delete arbitrary files and gain control of the website...
DomainMod Cross-Site Request Forgery Vulnerability
DomainMod is a PHP and MySQL based open source application for managing centrally located domain names and other Internet assets. DomainMod suffers from a cross-site request forgery vulnerability. An attacker could exploit the vulnerability to change a read-only user to an administrator...