Cubic CMS多个安全漏洞

Cubic CMS是一款内容管理系统。 由于/login.usuario没有正确过滤传递的'login'和'pass' POST参数的用户输入，允许远程攻击者注入或操纵SQL查询。 0 Cubic CMS 目前厂商暂无提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.cubicfactory.com/ I. BACKGROUND ------------------------- "CUBIC CMS" is a non-free content management system for websites and portals o...

Cubic CMS SQL Injection / LFI / Path Disclosure

I. BACKGROUND ------------------------- "CUBIC CMS" is a non-free content management system for websites and portals of any size, powerful, adaptable to any graphic design that allows users administration 100% professional but simple at the same time that website. II. VULNERABILITIES...