4 matches found
CVE-2024-8353
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'givetitle' and 'cardaddress'. This makes it possible for unauthenticate...
ThinkSAAS latest version 2.4 XSS vulnerability
Brief description: No filtering. Details: First, look at the code that performs the write: /var/www/html/thinksaas/app/my/action/setting.php case "citydo": $province = trim$POST'province'; $city = trim$POST'city';//only leading and trailing whitespace is stripped //the values are then written straight to the database here $new'my'-update'userinfo',array 'userid'=$userid, ,array 'province'=$province, 'city'=$city, ; tsNotice"常居地更新成功!"; break; Updat...
Iwebsns SQL: the second one.
Brief description: Insufficient filtering. Details: In action/users/userinfo.action.php: $userid =getsessuserid; $model = shortcheckgetargg'model'; $birthyear = shortcheckgetargp'birthyear'; $birthmonth = shortcheckgetargp'birthmonth'; $birthday = shortcheckgetargp'birthday'; $residecity = shortcheckgetargp'residecity';...
Irola My-Time 3.5 Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Irola My-Time 3.5 Remote SQL Injection Vulnerability. Vendor: http://www.irola.com Username/Password...