5 matches found
SQL injection
BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection vulnerabilities via the tongji and baidumap parameters in /user/ztconfig.php...
Arbitrary file deletion
BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerability, which allows an attacker to delete arbitrary files on the server through /user/ppsave.php...
CVE-2021-41729
BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerability, which allows an attacker to delete arbitrary files on the server through /user/ppsave.php...
CVE-2021-41729
CVE-2021-41729 affects BaiCloud-cms v2.5.7, with an arbitrary file deletion vulnerability exploitable via /user/ppsave.php. Connected sources provide the product, vulnerable component (server-side file handling), and impact (arbitrary file deletion). CVSS-3.1 indicates a CRITICAL base score (9.1)...
CVE-2021-37344
CVE-2021-37344 affects Nagios XI Switch Wizard prior to version 2.5.7, with remote code execution via OS command injection caused by improper neutralization of special elements in OS commands. Affected product: Nagios XI Switch Wizard (Nagios XI platform). Root cause: improper filtering of specia...