8 matches found
WordPress plugin Form Maker by 10Web security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-23132
Name of the Vulnerable Software and Affected Versions: Apocalypse Meow plugin for WordPress versions prior to 22.1.0. Description: The software is susceptible to SQL injection through the type parameter. A flawed logical operator in the type validation check allows attacker-controlled single quotes ...
CVE-2014-4000
Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes...
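CmsEasy 5.6 /celive/live/header.php SQL injection vulnerability
The full details of this vulnerability are described in the 书安 (Secbook) magazine. Link: https://www.secbook.net In the parseObjXml function, $rootTag is the first tag of the XML that is passed in; here the code checks whether it is xjxobj or xjxquery. When $rootTag is xjxquery, the passed-in parameter content is processed with parsestr: parsestr$sQuery, $aArray; then, when getmagicquotesgpc == 1 (on), the passed-in parameter values are unescaped: $newArray$sKey = stripslashes$sValue; and execution enters the postdata function. function...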
Gallery Kys 1.0 Admin Password Disclosure / Permanent XSS Vulns
No description provided by source. START 0x01 Informations: Script : Gallery Kys 1.0 Download : http://www.advancescripts.com/djump.php?ID=6285 Vulnerability : Admin Password Disclosure / Permanent XSS Author : Osirys Contact : osirysatlivedotit Website : http://osirys.org 0x02 Bug: Admin Passwor...
Weave a dream (Dedecms) arbitrary code execution vulnerability - vulnerability warning - the black bar safety net
The vulnerable page is \include\incbookfunctions.php. The trigger page is member/storyaddcontentaction.php. Next, open the following address: http://www.xxx.com/member/storyaddcontentaction.php?chapterid=1&arcID=1&body=?> Followed by the word code. When you see the successful message indicates...
All Club CMS 0.0.2 - index.php SQL Injection
All Club CMS 0.0.2 - index.php SQL Injection -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- All Club CMS No go on the hack attempt."; // log attempt, from IP, etc. if $SYSSET'banattackip' // ban ip if banattackip die; $sth = $dbh-prepare"SELECT FROM accmsmodules WHERE...