6 matches found
Command execution vulnerability in FastAdmin backend (CNVD-2020-58827)
FastAdmin is an extremely fast backend development framework based on ThinkPHP and Bootstrap, and a permission management system based on Auth validation. FastAdmin backend has a command execution vulnerability that can be exploited by an attacker to gain control of the server...
SQL Injection Vulnerability in yxtcmf Backend
YxtCMF Yi Xue Tang Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. There is a SQL injection vulnerability in the backend of yxtcmf, which can be exploited by attackers to obtain database sensitive information...
SQL Injection Vulnerability in YxtCMF Frontend IndexController.class.php Page
YxtCMF Yi Xue Tang Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. A SQL injection vulnerability exists in the IndexController.class.php page of the YxtCMF frontend. An attacker can exploit the vulnerability to obtain sensitive...
Arbitrary file download vulnerability in the downmaterial function on the YxtCMF CourseController.class.ph page
YxtCMF Yi Xue Tang Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. An arbitrary file download vulnerability exists in the YxtCMF CourseController.class.ph page downmaterial function. Allows an attacker to exploit the vulnerability t...
YxtCMF v3.1.0 SQL Injection Vulnerability in 'ty_id' Parameter
YxtCMF Yi Xue Tang Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. YxtCMF v3.1.0 SQL injection vulnerability exists in the 'tyid' parameter. An attacker can exploit this vulnerability to obtain sensitive information from the databas...
Logic Design Vulnerability in ECS Online Learning System v3.1.0
E-learning Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. E-learning system v3.1.0 has a logical design vulnerability that can be exploited by attackers to reset any user's password and obtain sensitive user information...