Thinkphp5 applet one-click generation platform has file upload vulnerability

Thinkphp5 small program one-click generation platform is a small program one-click generation system source code. A file upload vulnerability exists in Thinkphp5 Applet One Click Generation Platform. An attacker can exploit this vulnerability to upload a webshell and gain server privileges...

SQL Injection Vulnerability in Hula Enterprise Website Management System of Qingdao Scorch Culture Media Co.

Hula enterprise website management system is based on ThinkPHP5 framework development, security and efficiency, including all the features of ThinkPHP5. Qingdao Scorch Culture Media Co., Ltd. Hula enterprise website management system has a SQL injection vulnerability, which can be exploited by...

Arbitrary File Deletion Vulnerability in LeShang Mall

LeShares is a lightweight mall website management system, based on Thinkphp5+Mysql architecture, running on Linux, Windows, MacOSX, Solaris and other various platforms. LeShang Mall arbitrary file deletion vulnerability, an attacker can use this vulnerability to arbitrarily delete server files...

Arbitrary File Deletion Vulnerability in LeShang Mall (CNVD-2019-43871)

LeShares is a lightweight mall website management system, based on Thinkphp5+Mysql architecture, running on Linux, Windows, MacOSX, Solaris and other platforms. There is an arbitrary file deletion vulnerability in LeShang Mall. An attacker can use this vulnerability to arbitrarily delete server...

NiuShop suffers from SQL injection vulnerability (CNVD-2019-43346)

Niushop open source mall using thinkphp5.0 MySQL development language development , completely open source mall system , can be used for enterprises , individuals to establish their own online free mall , support for open source WeChat Mall , open source applet , open source new retail , B2B2C,...

NiuShop suffers from SQL injection vulnerability (CNVD-2019-43347)

Niushop open source mall using thinkphp5.0 MySQL development language development , completely open source mall system , can be used for enterprises , individuals to establish their own online free mall , support for open source WeChat Mall , open source applet , open source new retail , B2B2C,...

File Upload Vulnerability in OneBase

OneBase is an open source, fast and simple, object-oriented application development architecture based on ThinkPHP5. A file upload vulnerability exists in OneBase, which can be exploited by an attacker to gain control of the web server...

Arbitrary File Download Vulnerability in RGCMS

RuiGu information management system RGCMS is a set of open source building management system, using PHP language, written in the framework of Thinkphp5.1.+, the database using MYSQL database. RGCMS arbitrary file download vulnerability, an attacker can use the vulnerability to read any file in th...

File upload vulnerability in yershop

yershop open source online store system is a thinkphp5 based mall system , with a key to generate the controller , model , validator , template , general additions and deletions and other functions . yershop backend file upload vulnerability , attackers can exploit the vulnerability to obtain...

One Kebba cms V2.0 has xss vulnerability

OneCapaCms is a small business building system based on thinkphp 5.0. One Keba cms V2.0 has an xss vulnerability that can be exploited by attackers to obtain administrator cookies...

yershop open source online store system code execution vulnerabilities exist in the background

yershop open source online store system is a thinkphp5-based mall system with a key to generate controllers , models , validators , templates , general additions and deletions , and other functions. yershop open source online store system code execution vulnerabilities exist in the background , a...

Command Execution Vulnerability in Yzncms Frontend

Yzncms aka Otaku CMS is a CMS content management system based on the latest TP5.1 framework. Yzncms front-end command execution vulnerability, an attacker can exploit the vulnerability to execute arbitrary commands...

Logic flaw vulnerability in yershop open source online store system (CNVD-2019-04592)

yershop open source online store system is a thinkphp5-based mall system with a key to generate controllers , models , validators , templates , general additions and deletions , and other functions. yershop open source online store system there is a logic flaw vulnerability , the vulnerability...

Command Execution Vulnerability in YFCMF

YFCMF is a backend content management framework using ThinkPHP 5.1. + foreign ACE 1.40 UI template. YFCMF has a command execution vulnerability that can be exploited by attackers to gain control of the web server...

DSShop open source single store mall system front-end command execution vulnerability

DSShop is based on ThinkPHP5 framework for the development of a single store mall system, full support for PC, WAP, microblogging and other terminal equipment, designed for business users to adapt to the entire business model of the solution, can fully meet the operational needs. DSShop open sour...

File Upload Vulnerability in WK+shop General Mall System

WK+shop is a mall system based on the technology of PHP+MySQL, developed using ThinkPHP5.0 framework, which combines the Witcott mission system with multiple mall systems. A file upload vulnerability exists in the WK+shop universal mall system, which allows an attacker to upload arbitrary files a...

ThinkPHP5 PDO Authenticity Preprocessing suffers from SQL Injection Vulnerability

ThinkPHP V5.0 is a high-performance framework designed for API development. A SQL injection vulnerability exists in ThinkPHP5 PDO authenticity preprocessing. The vulnerability is caused by controlling the value position of the in statement, i.e. by passing in an array, leading to a SQL injection...

WSTMart 'addressId' parameter has a design flaw vulnerability in Guangzhou Shangtao Information Technology Co.

WSTMart e-commerce system is based on THINKPHP 5.0 development of B2B2C integrated e-commerce system. There is a design flaw vulnerability in the WSTMart 'addressId' parameter of Guangzhou Shangtao Information Technology Co. Allow attackers to obtain database account password information...