Arbitrary File Deletion Vulnerability in Zoomla!

Zoomla! Wave CMS is a CMS website core and management system R & D vendors, integrated content management, shopping malls, OA, SNS, project management, collection, e-mail subscription to hundreds of features , based on the . net platform and support cross-platform and mobile. Zoomla! CMS has an...

Arbitrary File Read Vulnerability in Latest Version of Zoomla!

Zoomla! Wave CMS is a CMS website core and management system R & D vendors, integrated content management, shopping malls, OA, SNS, project management, collection, e-mail subscription to hundreds of features , based on the . net platform and support cross-platform and mobile. Zoomla! CMS latest...

Wave by wave cms file upload vulnerability

Wave CMS is the use of dotNET2.0 technology platform architecture, based on MSSQL2005 compatible with MSSQL2000 technology development of the site management system. Wave CMS file upload vulnerability, /Plugins/swfFileUpload/UploadHandler.ashx global filtering, can be bypassed by rewriting the ca...

By wave cms x2. 1 x2. 0 version there is a file upload vulnerability in official website of the demo test is successful(reference poc)-vulnerability warning-the black bar safety net

Brief description: By the waves of the latest version there is a file upload vulnerability See x2. 0 the presence of the same vulnerability x2. 0 the following did not see do not know whether the presence of the same upload vulnerability Detailed description: Vulnerability page code area...

By wave cms somewhere in the unauthorized filling into the-vulnerability warning-the black bar safety net

http://demo.zoomla.cn/app/addTemplate.aspx 后台 管理, the application of push to add the template. js jump, can you believe? app/addTemplate. aspx code area %@ page language="C" autoeventwireup="true" inherits="manageAPPAddAPP, AppWebcin4d2pk" enableEventValidation="false"...

By wave CMS General-purpose SQL injection 8+9（select models）-bug warning-the black bar safety net

Brief description: It seems by the waves begin to completely closed-source. Already ready to block everyone decompile, temporarily also don't know is with what method, after the if research out of words to say it. So official don't pull what XXX the source package, not open source is not a shame...

By wave CMS General-purpose SQL injection vulnerability analysis with the use of(asp.net)-vulnerability warning-the black bar safety net

Bypass that very simple anti-injection. Directly you can update the administrator password. Injection point: http://demo.zoomla.cn/user/cashcoupon/arrivejihuo.aspx Page button Click event: | 1 | protected void BtnClick calls bArrive. UpdateStatetext; ---|--- 2 | public bool UpdateStatestring...