3 matches found
PT-2023-7273 · Sysaid · Sysaid
Name of the Vulnerable Software and Affected Versions: SysAid versions prior to 23.2.15
Description: The issue allows Insecure Direct Object Reference (IDOR) attacks, enabling unauthorized access to protected information. This can be achieved by modifying the sid parameter passed to EmailHtmlSourceIframe.jsp...
Discuz! 7.1 & 7.2 remote code execution vulnerability - vulnerability warning - the black bar safety net
First of all, by the way, the vulnerability was spread out from the t00ls core group; xhming went and read the code, then I read it later, and what we read out was all code execution. On the night of 1/5, at 11 o'clock, in the core group of hackers, xhming gave a PoC and I gave an exp, and we did find the same problem. By a little after 2 at night...
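Discuz! 7.1 - 7.2 remote code execution vulnerability
The $scriptlang array that gives rise to the vulnerability is already initialized once a plugin has been installed. In the showmessage function of the new Discuz! versions 7.1 and 7.2, a parameter executed inside eval is not initialized and can be submitted arbitrarily, so arbitrary PHP commands can be executed. Below is an analysis of this remote code execution vulnerability. The problem is really serious: a shell can be written directly. 1. The vulnerability comes from the showmessage function: function showmessage($message, $urlforward = '', $extra = '', $forwardtype = 0) { extract($GLOBALS,...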