30 matches found
EUVD-2007-5622
Malware in sbrugna...
EUVD-2018-6851
Malware in sbrugna...
PT-2025-3936 · Unknown · Code-Projects Job Recruitment
Name of the Vulnerable Software and Affected Versions: code-projects Job Recruitment version 1.0. Description: A vulnerability has been found in the code and classified as problematic. This issue affects unknown code of the file / parse/ feedback system.php. The manipulation of the type argument...
CVE-2024-7917 DouPHP Favicon system.php unrestricted upload
A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument sitefavicon leads to unrestricted upload. The...
CVE-2016-15022 mosbth cimage check_system.php cross site scripting
A vulnerability was found in mosbth cimage up to 0.7.18. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file check_system.php. The manipulation of the argument $_SERVER['SERVER_SOFTWARE'] leads to cross site scripting. The attack can be launched...
CVE-2018-19465
Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html...
CVE-2018-19465
CVE-2018-19465 affects Maccms up to version 8.0, allowing Cross-Site Scripting (XSS) via the site_keywords field used in index.php?m=system-config. The root cause is tied to template files: tpl/module/system.php and tpl/html/system_config.html, with related references to template/paody/html/vod_i...
CVE-2019-5310
YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by site_title in an admin/system/basic POST request...
CVE-2019-5310
YUNUCMS 1.1.8 is affected by a cross‑site scripting vulnerability in app/admin/controller/System.php. The issue allows crafted data to be written to the sys.php file, demonstrated by using site_title in an admin/system/basic POST request. This represents an XSS risk as described across multiple s...
CVE-2018-20558
CVE-2018-20558 affects DouCo DouPHP 1.5 (20181221). The vulnerability is a Cross-Site Scripting (XSS) flaw in admin/system.php?rec=update, exploitable via the site_name parameter. This could allow an attacker to inject arbitrary web script/HTML that is rendered by a user’s browser; CVSS scores i...
Cross site scripting
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/system.php has XSS...
polyquip.com.sg XSS vulnerability
Open Bug Bounty ID: OBB-573192; Affected Website: polyquip.com.sg; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
Code execution vulnerability in LaySNS v2.2.0 System.php page
LaySNS Light Community is a comprehensive website system based on ThinkPHP5+LayUI that integrates content publishing and community exchange. A code execution vulnerability exists in the program implementation of the LaySNS v2.2.0 System.php page, which is due to the system's failure to strictly...
PHPCMS V9 version of the background design flaws lead to arbitrary code execution vulnerability
Source link: http://www.cnbraid.com/ 0x01 Background: Since super administrator privileges are required by default after installation, this vulnerability is of little practical use, but I suspect the same issue exists in other CMSs as well, so this post mainly shares the approach used to find it. PS: using the test environment...
GlobalSearch CMS system.php parameter id SQL injection vulnerability
No description provided by source...
CVE-2015-1603
Multiple cross-site scripting (XSS) vulnerabilities in Adminsystems CMS before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php or (2) id parameter in a usersusers action to asys/site/system.php...
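cmseasy: one unfiltered character in the backend cache configuration file leads to getshell
Brief description: cmseasy, as an administrator: the backend cache configuration file does not filter one character, which leads to getshell. Detailed description: Enough said, let's go straight to the code: We go directly to Then we analyze the code: system.php:lines:67: ifaddslashes$POST'customerinfo' $customerinfo='true'; else $customerinfo='false'; $GLOBALS'celsysteminfo'-confaddslashes$POST'url', addslashes$POST'template',...
anwsion: a class configuration flaw causes security filtering to fail, with an exploitation case attached
Brief description: A class configuration flaw in anwsion. Sigh.... Detailed description: Truly painful!!!!! models/system.php public function analysiskeyword$string $string = strreplacearray "", "!", "@", "", "$", "%", "^", "&", "", ",", ".", "?", ";", ":", "'", '"', "", "", "", "", "!", " ¥", "……", "…", "、", ",", "。", "?", ";", ":", "‘", "“", "”", "’", " 【",...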
CVE-2011-0505
Directory traversal vulnerability in system/system.php in Zwii 2.1.1, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the settemplatevalue parameter...
Directory traversal
Directory traversal vulnerability in system/system.php in Zwii 2.1.1, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the settemplatevalue parameter...