3 matches found
CVE-2022-21643
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a sql statement. Users are advised to...
Denial Of Service (DoS)
js-quantities is vulnerable to denial of service DoS attacks through out-of-memoryOOM.The vulnerability exists due to the function parse in quantities.js which does not properly handle unsanitized user inputs.An attacker can exploit this flaw by inserting evil input strings, leading to an...
Thinksaas 失败的getshell & 一枚注入。
简要描述: /为什么最新一直被走小厂商? 累觉不爱。/ 本来还以为能够直接前台getshell的。 能直接把代码写入文件。 但是最后也都败给了转义符。 还是来注入把。 详细说明: 0x01 失败的Getshell。 \app\mail\action\admin\do.php 访问这里 无需登录。 $arrData = array 'appname' = trim$POST'appname', 'appdesc' = trim$POST'appdesc', 'isenable' = trim$POST'isenable', 'mailhost' = trim$POST'mailhost',...