138 matches found
WordPress 4.7.x < 4.7.8 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- wp-admin/user-new.php sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access...
WordPress 4.5.x < 4.5.12 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- wp-admin/user-new.php sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access...
QYKCMS template.php page has an arbitrary file reading vulnerability
QYKCMS is a lightweight intelligent website building system based on PHP+MySQL developed by QYK. The QYKCMS template.php page has an arbitrary file reading vulnerability. The vulnerability is caused by the system not effectively filtering parameters. Attackers can use the vulnerability to obtain sensitive...
Arbitrary file deletion vulnerability in XiaoCms background template.php and database.php pages
Based on a PHP+MySQL architecture, XiaoCms Enterprise Builder is a small, flexible, simple and easy-to-use lightweight CMS. The XiaoCms background template.php and database.php pages have an arbitrary file deletion vulnerability. Attackers can successfully delete files in the root directory by...
Arbitrary file deletion vulnerability in ECShop background template.php file
ECShop is a B2C independent online store system, suitable for enterprises and individuals to quickly build a personalized online store. The system is a cross-platform open source program developed on the PHP language and the MySQL database. ECShop backend template.php file exists...
SQL Injection Vulnerability in ThinkLC Classifieds Information System template.php Page
ThinkLC Classified Information System is a local classified information system built on PHP+MySQL. A SQL injection vulnerability exists in the template.php page of ThinkLC Classified Information System. Attackers can exploit the vulnerability to gain access to sensitive...
tlobonline.com XSS vulnerability
Vulnerable URL: http://www.tlobonline.com/template.php?id="alert/OPENBUGBOUNTY/...
FineCMS 1.0 Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: FineCMS 1.0 Multiple Vulnerabilities Dork: N/A Date: 29.08.2017 Vendor Homepage : http://mvc.net.pl/ Software Link: https://github.com/andrzuk/FineCMS Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Explo...
CVE-2017-11582
dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php...
Design/Logic Flaw
dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, aka Eval Injection...
Sql injection
dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php...
Sql injection
dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php...
CVE-2017-11583
dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php...
CVE-2017-11584
dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php...
Sql injection
dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php...
CVE-2017-11585
dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, aka Eval Injection...
CVE-2017-11584
dayrui FineCms 5.0.9 is affected by an SQL Injection in the field parameter used in action=module, action=member, action=form, or action=related requests to libraries/Template.php. The vulnerability is described across multiple sources (NVD/CNVD/PRION/CVE lists) with no explicit public fix/versio...
CVE-2017-11583
FineCMS 5.0.9 has a SQL injection in libraries/Template.php via the catid parameter in an action=related request. Impact per CNVD/NVD records includes potential disclosure of all databases. No patch version or remediation is explicitly provided in the connected documents. Exploitation details are...
CVE-2017-11582
dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php...
CVE-2017-11582
CVE-2017-11582 concerns dayrui FineCms 5.0.9, with a SQL Injection vulnerability in the libraries/Template.php file. The flaw is exploitable via the num parameter in requests for action=related or action=tags, enabling a remote attacker to execute arbitrary SQL commands. Multiple sources in the c...