
153 matches found

CNNVD
added 2021/06/24 12:0 a.m. | 1 view

slackero phpwcms code injection vulnerability

phpwcms is an open source Web content management system. It is fast, easy to install and runs on any standard web server platform that supports PHP/MySQL. phpwcms suffers from a code injection vulnerability that can be exploited by attackers via /phpwcms/setup/setup.php...

9.8 CVSS | 5.8 AI score | 0.00592 EPSS
Exploits 1 | References 2
Prion
added 2021/06/23 7:15 p.m. | 10 views

Cross site scripting

Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php...

4.3 CVSS | 6.1 AI score | 0.00375 EPSS
Exploits 1 | References 3 | Affected Software 1
CNNVD
added 2021/06/23 12:0 a.m. | 0 views

getsimplecms cross-site scripting vulnerability

GetSimple CMS is an XML-based, completely self-contained, streamlined content management system. A cross-site scripting vulnerability exists in GetSimple CMS 3.3.15 and earlier versions. The vulnerability can be exploited to conduct cross-site scripting attacks via the sitename, username, and ema...

6.1 CVSS | 5.2 AI score | 0.00375 EPSS
Exploits 1 | References 3
Prion
added 2020/07/07 4:15 p.m. | 13 views

Cross site scripting

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Setup.php tet parameter...

3.5 CVSS | 5.4 AI score | 0.00343 EPSS
Exploits 0 | References 2 | Affected Software 1
CVE
added 2020/07/07 3:29 p.m. | 42 views

CVE-2020-15034

CVE-2020-15034: NeDi 1.9C is vulnerable to cross-site scripting (XSS) via the Monitoring-Setup.php tet parameter, allowing an attacker to execute arbitrary JavaScript in a victim’s browser. The provided documents state the vulnerability but do not include remediation details or confirmed exploit...

5.4 CVSS | 5.3 AI score | 0.00343 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2020/07/07 3:29 p.m. | 13 views

CVE-2020-15034

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Setup.php tet parameter...

5.4 AI score | 0.00343 EPSS
Exploits 0 | References 2
OSV
added 2020/05/11 1:15 p.m. | 0 views

CVE-2020-12743

An issue was discovered in Gazie 7.32. A successful installation does not remove or block or in any other way prevent use of its own file /setup/install/setup.php, meaning that anyone can request it without authentication. This file allows arbitrary PHP file inclusion via a hiddenreq POST paramet...

9.8 CVSS | 7.5 AI score
Exploits 0 | References 1
NVD
added 2019/07/03 5:15 p.m. | 14 views

CVE-2018-11686

The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote code execution via setup.php and changeconfig.php...

9.8 CVSS | 9.8 AI score | 0.92639 EPSS
Exploits 4 | References 2
Prion
added 2019/07/03 5:15 p.m. | 12 views

Remote code execution

The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote code execution via setup.php and changeconfig.php...

7.5 CVSS | 9.8 AI score | 0.92639 EPSS
Exploits 4 | References 2 | Affected Software 1
CVE
added 2019/07/03 4:32 p.m. | 107 views

CVE-2018-11686

CVE-2018-11686 affects FlexPaper/FlowPaper 2.3.6. The Publish Service allows remote code execution via setup.php and change_config.php, enabling unauthenticated attackers to run arbitrary code on the server and potentially compromise the host and all hosted documents. Remediation: upgrade to Fl...

9.8 CVSS | 9.8 AI score | 0.92639 EPSS
In wild | Exploits 4 | References 2 | Affected Software 1
Prion
added 2017/11/04 7:29 p.m. | 13 views

Code injection

OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter...

5 CVSS | 7.4 AI score | 0.00334 EPSS
Exploits 5 | References 3 | Affected Software 1
Cvelist
added 2017/11/04 7:0 p.m. | 12 views

CVE-2017-16540

OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter...

7.5 AI score | 0.00334 EPSS
Exploits 5 | References 3
OpenVAS
added 2017/10/20 12:0 a.m. | 20 views

ILIAS Detection (HTTP)

HTTP based detection of ILIAS eLearning. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.140443");...

5.3 AI score
Exploits 0 | References 1
NVD
added 2016/12/23 5:59 a.m. | 5 views

CVE-2016-9889

Some forms with the parameter geozoomleveltofoundlocation in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don't have the input sanitized, related to tiki-setup.php and articleimage.php. The impact is XSS...

6.1 CVSS | 6.3 AI score | 0.00276 EPSS
Exploits 0 | References 3
seebug.org
added 2016/08/25 12:0 a.m. | 36 views

phpMyAdmin 2.8.0.3 arbitrary file include vulnerability

0x00 Overview: the phpMyAdmin version known to be vulnerable is 2.8.0.3; other versions are unknown. The version tested here is 2.8.0.3. Many internal network systems run this version, and quite a few on the external network do too! 0x01 Vulnerability analysis: see the code of the file that contains the hole...

7 AI score
Exploits 0
NVD
added 2015/06/09 2:59 p.m. | 10 views

CVE-2015-3648

Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter...

7.5 CVSS | 7 AI score | 0.51684 EPSS
Exploits 3 | References 5
Prion
added 2015/06/09 2:59 p.m. | 12 views

Directory traversal

Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter...

7.5 CVSS | 7.5 AI score | 0.51684 EPSS
Exploits 3 | References 5 | Affected Software 1
Cvelist
added 2015/06/09 2:0 p.m. | 16 views

CVE-2015-3648

Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter...

7 AI score | 0.51684 EPSS
Exploits 3 | References 5
NVD
added 2014/11/24 11:59 a.m. | 7 views

CVE-2014-9059

lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts...

4.3 CVSS | 5.6 AI score | 0.0032 EPSS
Exploits 0 | References 5
NVD
added 2014/10/20 6:55 p.m. | 7 views

CVE-2014-8365

Multiple cross-site scripting (XSS) vulnerabilities in Xornic Contact Us allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) email parameter to contact.php or (3) PATHINFO to setup.php, related to the "PHPSELF" variable...

4.3 CVSS | 5.8 AI score | 0.00225 EPSS
Exploits 0 | References 2