11 matches found
VulnCheck KEV: CVE-2020-22208
SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajaxstreet.php...
74CMS 安全漏洞
74CMS is an online recruitment system based on PHP and MySQL. A file upload vulnerability exists in version 3.28.0 of 74CMS, which stems from the lack of valid validation of the uploaded file by imgBase64, a parameter of the function sendCompanyLogo in file /controller/company/Index.php. The...
CVE-2022-32126
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting XSS vulnerability via the path /company...
CVE-2020-22421
74CMS v6.0.4 was discovered to contain a cross-site scripting XSS vulnerability via /index.php?m=&c=help&a=helplist&key...
The vulnerability of the plus/ajax_street.php component of the 74cms CMS system, related to the lack of protection for SQL query structures, allows attackers to execute arbitrary SQL queries.
The vulnerability of the plus/ajaxstreet.php component of the 74cms CMS system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries via the key parameter...
The vulnerability of the plus/ajax_street.php component of the 74cms CMS system, related to the lack of protection for SQL query structures, allows attackers to execute arbitrary SQL queries.
The vulnerability of the plus/ajaxstreet.php component of the 74cms CMS system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries via the parameter x...
CVE-2020-22212
SQL Injection in 74cms 3.2.0 via the id parameter to wap/wap-company-show.php...
PT-2020-17129
Name of the Vulnerable Software and Affected Versions 74CMS versions prior to 6.0.48 Description The issue concerns a PHP remote file inclusion in the assign resume tpl method within the Application/Common/Controller/BaseController.class.php file. This allows for remote code execution...
Code execution vulnerability in 74cms backend Co***.cl***.php file
Knight Talent System 74cms is based on PHP + MYSQL as the core development of a set of free + open source professional recruitment system. By Taiyuan Xunyi Technology Co., Ltd. was officially launched in 2009. 74cms background Co.cl.php file there is a code execution vulnerability. Allow attacker...
SQL Injection Vulnerability in 74cms Backend Pe***.cl***.php File
Knight Talent System 74cms is a PHP + MYSQL based on the core development of a set of free + open source professional recruitment system. By Taiyuan Xunyi Technology Co., Ltd. was officially launched in 2009. 74cms background Pe.cl.php file SQL injection vulnerability. Attackers can use the...
SQL Injection Vulnerability in 74cms MembersController.class.php Page
Knight Talent System 74cms is a free website management system based on PHP+MYSQL. A SQL injection vulnerability exists in the 74cms MembersController.class.php page, which can be exploited by attackers to obtain sensitive database information...