4 matches found
XerCMS in***.php file suffers from SQL injection vulnerability
Ctrip CMS XerCMS is a content management system based on php+mysql, integrating membership, community, guestbook, news and model management. An SQL injection vulnerability exists in the XerCMS in.php file, which can be exploited by attackers to obtain sensitive information...
xercms \XerCMS\Modules\member\index.php parameter $_FILES SQL injection
SQL injection in the upfiles function in D:\wamp\www\XerCMS\Modules\member\index.php: public function upfiles setformat'json'; $config = ini'member/group/'. X::$G'group'; ifempty$config exit'Access Denied'; else if$config'upload'0 == 0 error'uploadgrouplimit'; else if$config'upload'1 != 0 &&...
XerCMS 20150528 /XerCMS/Modules/member/index.php SQL injection
No description provided by source...
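Xoops XT-Conteudo module Spaw_Control.Class.PHP remote file inclusion vulnerability
Xoops XT-Conteudo is a PHP-based web application. Xoops XT-Conteudo does not properly filter user-submitted URI data, and a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'spawcontrol.class.php' script does not filter the user-submitted 'spawroot' parameter; submitting a malicious remote server as the include target can lead to arbitrary PHP code execution with the privileges of the web process. Xoops XT-Conteudo Module 1.52 No detailed solution is currently available: http://www.xoops.org/ !/usr/bin/env python coding: utf-8 import re...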