CVE-2020-36896 QiHang Media Web Digital Signage 3.0.9 Cleartext Credentials Disclosure

QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file,...

Blogbook 注入漏洞

Blogbook is a content management system project by Chaitak Gorai, an individual developer. Blogbook has an injection vulnerability that stems from a SQL injection in the parameter uid in the file /user.php...