Arbitrary File Deletion Vulnerability in cmseasy v6.3_20180808

cmseasy is a web content management system based on PHP+Mysql architecture. An arbitrary file deletion vulnerability exists in cmseasy v6.320180808, which stems from a failure to filter the parameter tplname. An attacker can exploit this vulnerability to delete arbitrary files, resulting in a...

SQL Injection Vulnerability in 'tplname' Parameter of Founder Xiangyu CMS System

Founder Xiangyu CMS system is a full-process management platform for website information release. A SQL injection vulnerability exists in the Founder Xiangyu CMS system. The lack of filtering of the 'tplname' parameter allows attackers to exploit the vulnerability to obtain sensitive database...

geblog01-lfi.txt

!/usr/bin/perl GeBlog 0.1GLOBALStplnameLocal File Inclusion Exploit D.Script: http://sourceforge.net/projects/geblog/ V.Code: include "tpl/".$GLOBALS'tplname'."/html.func.inc.php"; Discovered & Coded by : GolDM = Mahmoodali Contact:[email protected] Greetz To: Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's...