CVE-2024-40037

idccms v1.35 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/userScoredeal.php?mudi=del...

CVE-2024-40038

idccms v1.35 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/userScoredeal.php?mudi=rev...

idcCMS Security Breach

Net Titanium Technology idcCMS Net Titanium IDC Cloud Management Proxy System is a cloud management proxy system from China's Net Titanium Technology Net Titanium Technology. A security vulnerability exists in idcCMS v1.35, which originates from a cross-site request forgery vulnerability in the...

Upgraded Q -> 2 from #659 [1699030291397]

Judge has assessed an item in Issue 659 as 2 risk. The relevant finding follows: L-01 updateScores will result in DoS if pass a user with an already updated score Impact If updateScores is called for a user who is already updated in the same round, the function will misbehave, causing it to repea...

thinksaas最新版存储xss

简要描述： 过滤不当 详细说明： 最新版下载地址http://www.thinksaas.cn/service/down/ 跟前面thinksaas最新版xss2 WooYun: thinksaas最新版xss2 thinksaas最新版xss WooYun: thinksaas最新版xss 原理都一样 吐槽下 官网不让注册帐号 就在本地测试了 前人的我测试一个现在还可以 当然 漏洞文件肯定是不一样的 漏洞文件 在app/article/action/add.php 25行中没有过滤 48行插入数据库 isLogin; switch $ts case "" : if...