68 matches found
CVE-2018-14331
An issue was discovered in XiaoCms X1 v20140305. There is a CSRF vulnerability to change the administrator account password via admin/index.php?c=index&a=my...
CVE-2018-14331
An issue was discovered in XiaoCms X1 v20140305. There is a CSRF vulnerability to change the administrator account password via admin/index.php?c=index&a=my...
CVE-2018-14331
The CVE-2018-14331 issue affects XiaoCms X1 v20140305 and is a CSRF vulnerability that allows changing the administrator password via admin/index.php?c=index&a=my. Public records across sources confirm the affected software and the vulnerability class, with CVSS vectors indicating partial confide...
File upload vulnerability in XiaoCms Enterprise Website Edition (XiaoCms企业建站版)
Based on PHP+Mysql architecture, XiaoCms Enterprise Builder is a small, flexible, simple and easy-to-use lightweight cms. XiaoCms Enterprise Website Builder has a file upload vulnerability that can be exploited by attackers to upload malicious scripts to gain administrator privileges...
Arbitrary file deletion vulnerability in XiaoCms background template.php and database.php pages
Based on PHP+Mysql architecture, XiaoCms Enterprise Builder is a small, flexible, simple and easy-to-use lightweight cms. XIAOCMS background template.php and database.php page there are arbitrary file deletion vulnerability. Attackers can successfully delete files in the root directory by...
XiaoCMS admin\controller\login.php page has a logical design vulnerability
XiaoCms Enterprise Builder is a small, flexible, simple and easy-to-use lightweight cms based on PHP+Mysql architecture. XiaoCMS admin\controller\login.php page has a logical design vulnerability. The vulnerability is due to the CAPTCHA judgment and restriction of the login function, the attacker...
XIAOcms website builder system has file inclusion vulnerability
XiaoCms Enterprise Building Edition is based on PHP+Mysql architecture It is a small, flexible, simple and easy to use lightweight cms. A file inclusion vulnerability exists in the XIAOcms website builder system. An attacker can exploit this vulnerability to upload script files...
xiaoCMS Arbitrary File Upload Vulnerability
xiaoCMS is a PHP+MYSQL open source web application for publishing news, building corporate, personal portals. xiaoCMS has an arbitrary file upload vulnerability due to lax program filtering. Allowing an attacker to exploit the vulnerability can upload php type webshell, and then control the serve...