821 matches found
Command execution vulnerability in the backend of the Guojiz international web site navigation system (CNVD-2021-12803)
Guojiz International Website Navigation System is a CMS program developed with ThinkPHP 5.0, PHP 7.0, MySQL and Apache/Nginx/IIS, suitable for small and medium-sized webmasters building websites. A command execution vulnerability exists in the back end of the Guojiz International Website Navigation System; an attacker can use...
NoneCMS ThinkPHP Framework Remote Code Execution
A remote code execution vulnerability exists in NoneCMS ThinkPHP Framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
ThinkAdmin Code Issues Vulnerabilities
ThinkAdmin is a general-purpose backend management system based on the ThinkPHP framework. ThinkAdmin version 4 has a security vulnerability that stems from insecure deserialization; an attacker can use the vulnerability to remotely execute arbitrary code...
Fastadmin Code Injection Vulnerability
fastadmin is a website backend development framework based on ThinkPHP and Bootstrap. Fastadmin V1.0.0.20200506 beta has a security vulnerability that attackers can exploit to carry out server-side template injection (SSTI) attacks...
ThinkAdmin Cross-Site Scripting Vulnerability
ThinkAdmin is a backend administration framework based on the latest ThinkPHP V6, open source under the MIT license. ThinkAdmin v1, v6 has a stored cross-site scripting vulnerability. A remote attacker can use the vulnerability to inject arbitrary web script or HTML...
Unauthorized Access Vulnerability in ThinkAdmin
ThinkAdmin is a backend management framework based on the latest ThinkPHP V6, open source under the permissive MIT license. ThinkAdmin has an unauthorized access vulnerability. Attackers can use the vulnerability to bypass login and directly read and modify sensitive information...
SQL Injection Vulnerability in the Backend of Wild Rain Novel CMS
Wild Rain Fiction CMS (hereinafter referred to as KYXSCMS) provides a lightweight fiction website solution based on ThinkPHP 5.1+MySQL. There is a SQL injection vulnerability in the backend of KYXSCMS. Attackers can use the vulnerability to obtain sensitive information in the database...
Command Execution Vulnerability in the Backend of Wild Rain Novel CMS (CNVD-2020-68554)
Wild Rain Fiction Content Management System provides a lightweight fiction website solution based on ThinkPHP 5.1+MySQL. A command execution vulnerability exists in the backend of Wild Rain Novel CMS; attackers can use the vulnerability to obtain server privileges...
Command Execution Vulnerability in LzCMS Content Management System Backend
LzCMS is a simple blog system built with ThinkPHP+layui. A command execution vulnerability exists in the backend of the LzCMS content management system. Attackers can use this vulnerability to upload Trojan horse files and obtain a webshell...
File Upload Vulnerability in LzCMS Content Management System Backend
LzCMS is a blog system developed with ThinkPHP+layui. A file upload vulnerability exists in the backend of the LzCMS content management system, which can be exploited by attackers to gain control of the web server...
fastadmin SQL Injection Vulnerability
fastadmin is a website backend development framework based on ThinkPHP and Bootstrap. A SQL injection vulnerability exists in fastadmin V1.0.0.20191212 beta, which stems from a malicious parameter that can be passed in the URL admin ajax for SQL injection when a user with administrator...
fastadmin SQL Injection Vulnerability
fastadmin is a web backend development framework based on ThinkPHP and Bootstrap. A SQL injection vulnerability exists in fastadmin-tp6 v1.0, which originates in the app management controller Ajax.php file, where the passed table parameters are not filtered. An attacker can exploit this...
Logic Flaw Vulnerability in Wild Rain Novel CMS
Wild Rain Fiction Content Management System provides a lightweight fiction website solution based on ThinkPHP 5.1+MySQL. Wild Rain Novel CMS has a logic flaw vulnerability; attackers can use the vulnerability to obtain sensitive information...
File Upload Vulnerability in SIYUCMS V6.1
SIYUCMS is a content management system based on ThinkPHP + AdminLTE. A file upload vulnerability exists in SIYUCMS V6.1, which can be exploited by an attacker to gain administrative privileges on the web server...
Logic Flaw Vulnerability in the Ad***.php File of Qibo's New X1.0 System
Qibo's new X1.0 system is a website management system based on the latest thinkphp5 framework. A logic flaw vulnerability exists in the Ad.php file of the Qibo New X1.0 system. An attacker can exploit the vulnerability to forge a super administrator cookie and log in to the system as a super...
Logic Flaw Vulnerability in the la***.php File of Qibo's New X1.0 System
Qibo's new X1.0 system is a website management system based on the latest thinkphp5 framework. A logic flaw vulnerability exists in the la.php file of the Qibo New X1.0 system. An attacker can use the vulnerability to modify database data and promote ordinary users to super administrator...
Arbitrary File Read Vulnerability in the Im***.php File of Qibo's New X1.0 System
Qibo's new X1.0 system is a website management system based on the latest thinkphp5 framework. There is an arbitrary file read vulnerability in the Im.php file of the Qibo New X1.0 system. An attacker can exploit this vulnerability to obtain sensitive information...
Arbitrary File Deletion Vulnerability in the Sy***.php File of the CRMEB Knowledge Payment System Backend
The CRMEB knowledge payment system is a new-retail live/on-demand knowledge payment system developed on ThinkPHP 5.0 + Vue. An arbitrary file deletion vulnerability exists in the backend Sy.php file of the CRMEB knowledge payment system. Attackers can use the vulnerability to delete arbitrary file...
Directory Traversal Vulnerability in ThinkAdmin v6
ThinkAdmin is a backend management framework based on the latest ThinkPHP V6, open source under the MIT license. ThinkAdmin v6 has a directory traversal vulnerability. Attackers can exploit the vulnerability through the rules parameter of a POST request to read...
Command Execution Vulnerability in BayCloud CMS
Beyun CMS is an open source content management system based on tp5.1. Beyuncms has a command execution vulnerability that can be exploited by an attacker to gain control of the server...