Directory Traversal Vulnerability in CLTPHP Version 5.5.3

CLTPHP is a content management system based on ThinkPHP5 development with Layui framework in the backend. A directory traversal vulnerability exists in CLTPHP version 5.5.3, which can be exploited by attackers to obtain sensitive information...

File inclusion vulnerability in the get_url_contents() method of the DSmall Multi-User Mall system

DSmall is a multi-user mall system source code developed with thinkPHP as the framework. DSmall multi-user mall system geturlcontents method file inclusion vulnerability. Allow attackers to exploit the vulnerability to remotely execute arbitrary code...

Thunderwind Movie CMS v3.3.0 SQL Injection Vulnerability in NewsController.class.php Page

Thunderwind Movie CMS is a PHP based THINKPHP3.2.3 framework development, suitable for all kinds of video, film and television websites, film and television content management program. Thunderwind Movie CMS v3.3.0 SQL injection vulnerability exists in NewsController.class.php page. Attackers can...

DSMmall Multi-merchant open source mall system check_email method has SQL injection vulnerability

DSMmall multi-commercial open source mall source code is a thinkPHP as the framework for the development of multi-user mall system source code. DSMmall multi-commerce open source mall system checkemail method SQL injection vulnerability. The vulnerability is due to the system fails to effectively...

LvyeCMS Code Execution Vulnerability

LvyeCMS is a content management system developed by China Lvye Network Technology using ThinkPHP framework and an independent grouping approach. A security vulnerability exists in LvyeCMS 3.1 and earlier versions. The vulnerability can be exploited by a remote attacker to upload and execute...

LvyeCMS Public tologin function cross-site scripting vulnerability

LvyeCMS is a content management system developed using the ThinkPHP framework and an independent grouping approach. A cross-site scripting vulnerability exists in the Public tologin function of the admin.php file in LvyeCMS 3.1 and earlier versions. A remote attacker can exploit this vulnerabilit...

SQL Injection Vulnerability in Multiple Methods of WKshop General Mall System

WK+shop is a mall system based on the technology of PHP+MySQL, developed using ThinkPHP5.0 framework, which combines the Witcott mission system with multiple mall systems. WK+shop General Mall System has SQL injection vulnerability in several methods, an authenticated attacker can construct a...

SQL Injection Vulnerability in the Latest Version of YxtCMF

YxtCMF online learning system is an online learning platform system developed with thinkphp+bootstrap as the framework. The latest version of YxtCMF has a SQL injection vulnerability, which is exploited by attackers to obtain database sensitive information...

Cross-site scripting vulnerability in lvyeCms

LvyeCMS is developed based on ThinkPHP framework, which is a content management system developed using independent grouping. A cross-site scripting vulnerability exists in lvyeCms due to the system failing to filter user-supplied data. An attacker can exploit this vulnerability to execute malicio...

SQL injection vulnerability in the latest version of wstmall (CNVD-2017-19365)

WSTMall is a multi-commercial O2O open source system developed by Merchant Software based on thinkphp, is a system that can help businesses and individuals to quickly build a community service system. The latest version of wstmall V1.9.4170630 has a SQL injection vulnerability, which can be...

Backdoor vulnerability in lvyecms backend

LvyeCMS is a content management system developed based on ThinkPHP framework, using an independent grouping approach. Backdoor vulnerability exists in lvyecms background add module page at the function . Allow attackers to exploit the vulnerability can be obtained server privileges...

SQL Injection, Remote Command Execution Vulnerabilities Exist in Kinglion Technologies Call System

Jinlun Technology Call System is a set of intelligent telemarketing management system specially designed by Shenzhen Jinlun Communication Co. Jinlun call system exists SQL injection, remote command execution vulnerability, due to SOAP interface external entity injection and the use of Think php...

LuManager high-risk SQL injection 0day analysis-vulnerability warning-the black bar safety net

2 0 1 5 year 9 month 7 day Ali cloud shield situational awareness system captures the LuManager system of 0day a gold that confirmed that the vulnerabilities once a hacker can use directly to the highest authority of the login background, upload webshell, the control system database, the operatio...

yourphp cms-stored xss-vulnerability warning-the black bar safety net

yourphp is based on thinkphp framework for the development of the open source cms, there is a storage-typexssvulnerability In the demo of the cms when found this vulnerability, in order to have the power of persuasion, then using the official demo displayxssprocess, In yourphp official...