2126 matches found
PHP7CMS has a file upload vulnerability
PHP7CMS (PHP7 content management system) is a content management program newly developed by Chunjie Studio using PHP7 technology. PHP7CMS has a file upload vulnerability that allows attackers to upload a webshell and gain server privileges...
File Upload Vulnerability in BEESCMS
BEESCMS is a scalable content management system CMS based on PHP and MySQL. A file upload vulnerability exists in BEESCMS. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
SQL Injection and File Upload Vulnerabilities in Dimix ERP Office System of Shanghai Demisa Information Technology Co.
Shanghai Demisa Information Technology Co., Ltd. is a company that develops and sells intelligent office management software. SQL injection and file upload vulnerabilities exist in the Dimix ERP office system of Shanghai Demisa Information Technology Co. An attacker can exploit the vulnerabiliti...
Analysis of the arbitrary file upload vulnerability in two versions of the UEditor editor - vulnerability warning - the black bar safety net
0x01 Introduction: UEditor is an open source WYSIWYG rich text editor developed by Baidu's web front-end R&D department. It is lightweight, customizable and offers an excellent user experience, and it is used by a large number of web applications; the high-risk vulnerabilities disclosed this time...
ASUSTOR ADM Remote Command Execution Vulnerability
ASUSTOR ADM is an operating system from ASUSTOR dedicated to ASUSTOR NAS storage devices. A security vulnerability exists in ASUSTOR ADM version 3.1.0.RFQ3, which stems from the program using the same default username and password as the NAS. An attacker could exploit the vulnerability to log in...
File Upload Vulnerability in Servcorp Highway Project Management Information System
Servcorp Highway Project Management Information System is an engineering project management platform developed for project participants. A file upload vulnerability exists in the Servcorp Expressway Project Management Information System. The vulnerability stems from the failure to strictly restri...
CVE-2018-11509
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell...
Default credentials
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell...
SQL injection vulnerabilities exist in the ShopsN open source online store full network system
ShopsN, the free B2C e-commerce edition, is a product of Shanghai Yisu Network Technology Co., Ltd.: a full-featured open source online store full network system that meets enterprise-class commercial standards and genuinely allows free commercial use. ShopsN v2.3.3 official version of the existen...
ShopsN open source online store full web system suffers from SQL injection vulnerability (CNVD-2018-17332)
ShopsN, the free B2C e-commerce edition, is a product of Shanghai Yisu Network Technology Co., Ltd.: a full-featured open source online store full network system that meets enterprise-class commercial standards and genuinely allows free commercial use. ShopsN v2.3.3 official version of the existen...
File Upload Vulnerability in WSS Project Management System
WSS Project Management System is a browser-based collaborative office platform that integrates "Project Management", "Task Management", "Work Hour Management" and "Work Log Management" in one. An arbitrary file upload...
Arbitrary File Upload Vulnerability in UCMS Version 1.4.6
UCMS is a simple open source content management system that makes it convenient to quickly develop various kinds of enterprise sites, article sites and site systems. A file upload vulnerability exists in the \ucms\sadmin\fi.php page of UCMS version 1.4.6. An attacker can exploit the...
Arbitrary File Editing Vulnerability in UCMS Version 1.4.6
UCMS is a simple open source content management system that can be used to quickly develop a variety of enterprise sites, article sites and site systems. An arbitrary file editing vulnerability exists in the \ucms\sadmin\fi.php page of UCMS version 1.4.6. An attacker can exploit the vulnerability to edit...
SQL injection vulnerabilities exist in the adHandle function of the ShopsN open source online store system
ShopsN, the free B2C e-commerce edition, is a product of Shanghai Yisu Network Technology Co., Ltd.: a full-featured open source online store full network system that meets enterprise-class commercial standards and genuinely allows free commercial use. ShopsN 2.3.3 official version of the adHandle...
Multiple vulnerabilities in jspxcms
jspxcms is an open source content management system based on Java and JSP technology. jspxcms has cross-site request forgery and reflected cross-site scripting vulnerabilities. Attackers can use the vulnerability to send scripts containing malicious links, to be reviewed by the administrator can b...
File Upload Vulnerability in BEESCMS Enterprise Website Management System V4.0
BEESCMS is a scalable content management system CMS based on PHP and MySQL. A file upload vulnerability exists in BEESCMS Enterprise Website Management System V4.0. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
phpMyAdmin 4.8.1 Local File Inclusion
The latest version was downloaded from the official website; the file name is phpMyAdmin-4.8.1-all-languages.zip. The problem appears in /index.php. Find lines 55-63: line 61 contains include $_REQUEST['target']; This is obviously an LFI precursor, as long as we bypass the restrictions on lines 55 to 59. Lin...
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion Vulnerability
Exploit for php platform in category web applications. The latest version was downloaded from the official website; the file name is phpMyAdmin-4.8.1-all-languages.zip. The problem appears in /index.php. Find lines 55-63: line 61 contains include $_REQUEST['target']; This is obviously an LFI precursor, as long ...