CVE-2019-25574

CVE-2019-25574 affects Green CMS 2.x. The vulnerability is a path traversal flaw that enables authenticated attackers to download arbitrary files or directories. Attackers can exploit the themeexporthandle action by injecting directory traversal sequences into the theme_name parameter, or use bas...

Green CMS 路径遍历漏洞

Green CMS is a content management system developed by Green CMS Inc. The Green CMS 2.x version has a path traversal vulnerability. This vulnerability stems from the themename parameter allowing for path traversal, which may enable authenticated attackers to download arbitrary files and directorie...

OpenBiblio 0.x theme_preview.php themeName Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/27053/info OpenBiblio is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include SQL-injection, cross-site scripting, HTML-injection, and local...

CVE-2011-3835

Multiple cross-site scripting XSS vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to 1 admin/login.php and 2 admin/404.php; the 3 q parameter to search.php; the 4 themename parameter to themesettings.php, 5 extensionname parameter ...