3 matches found
CVE-2019-17369
OTCMS v3.85 has CSRF in the admin/memberdeal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin...
CVE-2019-17370
OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFiledeal.php blocks "into outfile" in a SELECT statement, but does not block the "into//outfile" manipulation. Therefore, the attacker can create a .php file...
Trend Micro Deep Discovery Inspector Cross-Site Scripting Vulnerability (CNVD-2018-20680)
Trend Micro Deep Discovery Inspector DDI is a protection product from Trend Micro that can detect and identify hard-to-find threats in real time and propose solutions. A cross-site scripting vulnerability exists in Trend Micro DDI version 3.85 and earlier versions, which can be exploited by a...