821 matches found
Hsycms SQL Injection Vulnerability
Hsycms is a content management system (CMS) based on ThinkPHP. The system has features such as in-site linking, a site map, full-site pseudo-static pages and custom URLs. A SQL injection vulnerability exists in Hsycms V1.1. The vulnerability stems from the lack of validation of externally entered SQL...
NoneCMS ThinkPHP Remote Code Execution (CVE-2019-9082)
...
File Upload Vulnerability in YFCMF Im***.p*** Page
YFCMF is a backend content management framework using ThinkPHP 5.1 + the foreign ACE 1.40 UI template. A file upload vulnerability exists in the YFCMF Im.p page, which can be exploited by an attacker to gain server privileges...
Arbitrary File Deletion Vulnerability in FastAdmin
FastAdmin is a system backend development framework based on ThinkPHP and Bootstrap. An arbitrary file deletion vulnerability exists in the FastAdmin system backend; an attacker can exploit the vulnerability to delete arbitrary files...
NoneCMS ThinkPHP Remote Code Execution (CVE-2018-20062)
A remote code execution vulnerability exists in NoneCMS ThinkPHP framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
VulnCheck KEV: CVE-2018-20062
ThinkPHP "noneCms" contains an unspecified vulnerability that allows for remote code execution through crafted use of the filter parameter...
One Kebba cms V2.0 has an XSS vulnerability
OneCapaCms is a small business building system based on ThinkPHP 5.0. One Keba cms V2.0 has an XSS vulnerability that can be exploited by attackers to obtain administrator cookies...
Exploit for CVE-2013-0422
K8tools 20190428 Disclaimer: The tools are for security research or authorized penetration testing only; you bear the consequences of any illegal use. Blog: https://www.cnblogs.com/k8gege Download: https://github.com/k8gege/K8tools PS: Updated irregularly; the files are fairly large, so download as needed. For bugs or suggestions, leave a message directly on GitHub. The privilege-escalation tools can all be run from a remote-control Cmd or a WebShell; most have been modified and recompiled for better compatibility and stability. Note: not guaranteed to remain available permanently; save your own copy if you like them. General tools + General tools K8飞刀Final.rar + K8data.mdb K8飞刀 vulnerability database 20190402 + K8expList.txt...
TP3-CMS has an XSS vulnerability
TP3-CMS is an enterprise website CMS based on the ThinkPHP 3.2 framework. TP3-CMS has an XSS vulnerability that can be exploited by attackers to obtain an administrator cookie...
Days thaw letter on the ThinkPHP 5.1 framework in conjunction with RCE vulnerabilities: in-depth analysis - vulnerability warning - the black bar safety net
Over the past few months, ThinkPHP has had a continuous run of serious vulnerabilities. Because the framework is so widely used, the impact of these vulnerabilities is very large. To better defend against and respond to vulnerabilities in this framework in future, the alpha laboratory for...
NoneCMS ThinkPHP 5.X Remote Code Execution
A remote code execution vulnerability exists in NoneCMS ThinkPHP framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Exploit for CVE-2013-0422
K8tools 20190403 Disclaimer: The tools are for security research or authorized penetration testing only; you bear the consequences of any illegal use. Blog: https://www.cnblogs.com/k8gege Download: https://github.com/k8gege/K8tools Password: k8gege k8team K8team PS: Updated irregularly; the files are fairly large, so download as needed. The privilege-escalation tools can all be run from a remote-control cmd or a WebShell; most have been modified and recompiled, with better compatibility and stability than the versions found online. General tools + General tools K8飞刀Final.rar + K8data.mdb K8飞刀 vulnerability database 20190402 + K8expList.txt K8飞刀 exploit list...
XSS vulnerability in the in***.php page of the LaySNS lightweight content community system from Wuhan Classen Technology
LaySNS is a lightweight, integrated content management and community interaction website management system based on the ThinkPHP+Layui architecture. An XSS vulnerability exists in the in.php page of Wuhan Classen Technology's LaySNS lightweight content community system, which stems from the program n...
SQL Injection Vulnerability in yxtcmf Backend
YxtCMF Yi Xue Tang Online Learning System is an online learning platform developed with ThinkPHP+Bootstrap as the framework. There is a SQL injection vulnerability in the backend of yxtcmf, which can be exploited by attackers to obtain sensitive database information...
Code execution vulnerabilities exist in the backend of the yershop open source online store system
The yershop open source online store system is a ThinkPHP 5-based mall system with one-click generation of controllers, models, validators, templates, general additions and deletions, and other functions. Code execution vulnerabilities exist in the backend of the yershop open source online store system, a...
File Upload Vulnerability in WTCMS
WTCMS is a content management system (CMS) based on ThinkPHP. WTCMS suffers from a file upload vulnerability that can be exploited by an attacker to gain control of the web server...
New Nexus Repository Manager 3 vulnerability has been used to spread a mining Trojan; users are advised to fix it as soon as possible - vulnerability warning - the black bar safety net
Recently, Ali cloud security detected the watchbog mining Trojan using the newly disclosed Nexus Repository Manager 3 remote code execution vulnerability (CVE-2019-7238) for attacks and mining. It is worth noting that this attack Start Time 2 on 24th and 2 on 5 May above products, the...
SchoolCMS Arbitrary PHP Code Execution Vulnerability
SchoolCMS is an open source school teaching management system based on the ThinkPHP framework. The system includes student management, grade management and teacher management. A security vulnerability exists in SchoolCMS version 2.3.1. An attacker can exploit this vulnerability to execute arbitrary...
ThinkPHP Command Execution Vulnerability
ThinkPHP is a PHP-based, open source, lightweight Web application development framework from China's Top Thinking Information Technology. Versions of ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other devices, have a command executi...
Command injection
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=calluserfuncarray&vars0=system&vars1= followed by the command...