3 matches found
CVE-2024-46911 Apache Roller: Weakness in CSRF protection allows privilege escalation
Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content and this combined with a deficiency in Roller's CSRF protections allowed an escalation of privileges...
CVE-2020-15612 — CentOS Web Panel Authentication Bypass/RCE
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxftpmanager.php. When parsing the userLogin parameter, the process...
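ShopEx interface flaw allows enumeration of all user websites
Brief description: A flaw in a ShopEx interface allows enumeration of all websites. Details: The problem is in the ShopEx store setup wizard page http://guide.ecos.shopex.cn/step2.php?refer=eyJjZXJ0aV9pZCI6MTA1MSwiY2FsbGJhY2tfdXJsIjoiaHR0cDpcL1wvd3d3LmVrYWlkaWFuLmNvbVwvIn0= The refer parameter base64-decodes to "certiid":'1051',"callbackurl":"http://www.joyogame.net/" By modifying certiid we can enumerate all websites that use the ShopEx program...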