SQL injection vulnerability in CollectController.class.php page of Thunderwind Movie & TV cms system
Thunderwind Movie CMS is a PHP content management program built on the ThinkPHP 3.2.3 framework, suitable for all kinds of video, film and television websites. A SQL injection vulnerability exists in the CollectController.class.php page of the Thunderwind Film and Television CMS system, attacke...
LvyeCMS Code Execution Vulnerability
LvyeCMS is a content management system developed by China Lvye Network Technology using ThinkPHP framework and an independent grouping approach. A security vulnerability exists in LvyeCMS 3.1 and earlier versions. The vulnerability can be exploited by a remote attacker to upload and execute...
LvyeCMS Public tologin function cross-site scripting vulnerability
LvyeCMS is a content management system developed using the ThinkPHP framework and an independent grouping approach. A cross-site scripting vulnerability exists in the Public tologin function of the admin.php file in LvyeCMS 3.1 and earlier versions. A remote attacker can exploit this vulnerabilit...
Default backdoor vulnerability in the eval-stdin.php file of TPshop open source mall system 2.0
TPshop open source mall system (Thinkphp shop for short) is a multi-merchant mall system developed by Shenzhen Soleil Networks Ltd. The eval-stdin.php file of TPshop open source mall system 2.0 has a backdoor vulnerability. Attackers send POST requests containing malicious...
SQL Injection Vulnerability in YxtCMF Frontend IndexController.class.php Page
YxtCMF Yi Xue Tang Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. A SQL injection vulnerability exists in the IndexController.class.php page of the YxtCMF frontend. An attacker can exploit the vulnerability to obtain sensitive...
SQL Injection Vulnerability in Multiple Methods of WKshop General Mall System
WK+shop is a mall system based on PHP+MySQL, developed using the ThinkPHP 5.0 framework, which combines the Witcott mission system with multiple mall systems. WK+shop General Mall System has a SQL injection vulnerability in several methods; an authenticated attacker can construct a...
File Upload Vulnerability in WK+shop General Mall System
WK+shop is a mall system based on PHP+MySQL, developed using the ThinkPHP 5.0 framework, which combines the Witcott mission system with multiple mall systems. A file upload vulnerability exists in the WK+shop universal mall system, which allows an attacker to upload arbitrary files a...
ThinkPHP 5.0.10 framework exp expressions suffer from SQL injection vulnerability
ThinkPHP is an open-source PHP framework with an MVC structure, developed and maintained by the Shanghai Top Thinking company. A SQL injection vulnerability exists in the ThinkPHP 5.0.10 framework exp expression. The system fails to effectively filter the data submitted by the user. An attacker...
ThinkPHP 5.0.10 framework filterExp function has SQL injection vulnerability
ThinkPHP is an open-source PHP framework with an MVC structure, developed and maintained by the Shanghai Top Thinking company. A SQL injection vulnerability exists in the filterExp function of the ThinkPHP 5.0.10 framework. A remote attacker can exploit the vulnerability to obtain sensitive database...
SSRF vulnerability in Bycms user-post method
Bycms Beyoncms is a content management system based on thinkphp 5.0.9. An SSRF vulnerability exists in the Bycms user-post method. An attacker can exploit the vulnerability to detect the database version number and open port service information...
SQL Injection Vulnerability in the Latest Version of YxtCMF
YxtCMF online learning system is an online learning platform system developed with thinkphp+bootstrap as the framework. The latest version of YxtCMF has a SQL injection vulnerability, which attackers can exploit to obtain sensitive database information...
Stored cross-site scripting vulnerability in the study function on the YxtCMF CourseController.class.php page
YxtCMF Yi Xue Tang Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. A stored cross-site scripting vulnerability exists in the study function on the YxtCMF CourseController.class.php page. An attacker can insert malicious js code into...
Arbitrary file download vulnerability in the downmaterial function on the YxtCMF CourseController.class.php page
YxtCMF Yi Xue Tang Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. An arbitrary file download vulnerability exists in the downmaterial function on the YxtCMF CourseController.class.php page. Allows an attacker to exploit the vulnerability t...
YxtCMF v3.1.0 SQL Injection Vulnerability in 'ty_id' Parameter
YxtCMF Yi Xue Tang Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. A SQL injection vulnerability exists in the 'tyid' parameter of YxtCMF v3.1.0. An attacker can exploit this vulnerability to obtain sensitive information from the databas...
ThinkPHP 5.0.10-3.2.3 cache function design flaws can lead to Getshell
0x00 Framework operating environment: ThinkPHP is a free, open-source, fast, simple, object-oriented, lightweight PHP development framework, created for agile web application development and simplified enterprise application development. Since its inception, ThinkPHP has been adhering to the simple...
ThinkPHP Cache Functions Have Design Flaw Vulnerability
ThinkPHP is an open-source PHP framework with an MVC structure, developed and maintained by the Shanghai Top Thinking company. There is a design flaw vulnerability in the ThinkPHP cache function. The vulnerability is due to ThinkPHP in the use of cache data serialization, stored in the php file caused...
Logic Design Vulnerability in ECS Online Learning System v3.1.0
E-learning Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. E-learning system v3.1.0 has a logical design vulnerability that can be exploited by attackers to reset any user's password and obtain sensitive user information...
Logic flaw vulnerability in the latest version of wstmall
WSTMall is a multi-commercial O2O open source system developed on the thinkphp framework. The latest version of wstmall has a logic flaw vulnerability. Attackers can use the vulnerability to reset the password...
Cross-site scripting vulnerability in lvyeCms
LvyeCMS is a content management system developed on the ThinkPHP framework using independent grouping. A cross-site scripting vulnerability exists in lvyeCms due to the system failing to filter user-supplied data. An attacker can exploit this vulnerability to execute malicio...
SQL injection vulnerability in the latest version of wstmall (CNVD-2017-19366)
WSTMall is a multi-commercial O2O open source system developed by Merchant Software based on thinkphp; it can help companies and individuals quickly build a community service system. The latest version of wstmall, V1.9.4170630, has a SQL injection vulnerability, which can be...