7 matches found
NFine Rapid Development Platform 访问控制错误漏洞
NFine Rapid Development Platform is an extremely fast WEB + ORM framework based on C language for NFine individual developers. NFine Rapid Development Platform suffers from an Access Control Error vulnerability that originates from the presence of an unknown function in...
Improper Authentication in liukuo362573/yishaadmin
Description Hi there, there is another improper authorization at /admin/SystemManage/LogOperate/GetFormJson, this will allow anyone to view yishaadmin log without logging in. Proof of Concept 1. Access the link http://106.14.124.170/admin/SystemManage/LogOperate/GetFormJson?id=405689053455847424...
CVE-2019-9570
An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/systemmanage/save.html URI, related to the sitecode parameter...
CVE-2018-17044
In YzmCMS 5.1, stored XSS exists via the admin/systemmanage/userconfigadd.html title parameter...
CVE-2018-12905
joyplus-cms 1.6.0 has XSS in adminplayer.php, related to manager/index.php "system manage" and "add" actions...
Design/Logic Flaw
joyplus-cms 1.6.0 has XSS in adminplayer.php, related to manager/index.php "system manage" and "add" actions...
CVE-2018-12905
joyplus-cms 1.6.0 has XSS in adminplayer.php, related to manager/index.php "system manage" and "add" actions...