34 matches found
EUVD-2018-19448
Malware in sbrugna...
EUVD-2018-19447
Malware in sbrugna...
CVE-2018-7732
An issue was discovered in YxtCMF 3.1. SQL Injection exists in ShitiController.class.php via the ids array parameter to exam/shiti/delshiti.html...
CVE-2018-7733
An issue was discovered in YxtCMF 3.1. RbacController.class.php has CSRF, as demonstrated by modifying an administrator account via index.php/admin/user/addpost.html...
SQL Injection Vulnerability in yxtcmf Backend
YxtCMF Yi Xue Tang Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. There is a SQL injection vulnerability in the backend of yxtcmf, which can be exploited by attackers to obtain sensitive database information...
Code Execution Vulnerability in YxtCMF Online Learning System v6.1
YxtCMF online learning system is an online learning platform system developed with thinkphp+bootstrap as the framework. YxtCMF Online Learning System v6.1 has a code execution vulnerability that can be exploited by attackers to execute arbitrary code...
Arbitrary File Download Vulnerability in YxtCMF Online Learning System v3.1
YxtCMF online learning system is an online learning platform system developed with thinkphp+bootstrap as the framework. YxtCMF Online Learning System v3.1 has an arbitrary file download vulnerability; attackers can log in to the system to construct URLs to download arbitrary files...
YxtCMF Cross-Site Request Forgery Vulnerability
YxtCMF is an online learning system. The system has functions such as online live broadcast, online question and answer, teacher management and forum. A cross-site request forgery vulnerability exists in the RbacController.class.php file in YxtCMF version 3.1. A remote attacker can exploit this...
YxtCMF SQL Injection Vulnerability
YxtCMF is an online learning system. The system has functions such as online live broadcast, online question and answer, teacher management and forum. A SQL injection vulnerability exists in the ShitiController.class.php file in YxtCMF version 3.1. A remote attacker can exploit this vulnerability...
SQL injection
An issue was discovered in YxtCMF 3.1. SQL Injection exists in ShitiController.class.php via the ids array parameter to exam/shiti/delshiti.html...
CVE-2018-7732
An issue was discovered in YxtCMF 3.1. SQL Injection exists in ShitiController.class.php via the ids array parameter to exam/shiti/delshiti.html...
Cross-site request forgery (CSRF)
An issue was discovered in YxtCMF 3.1. RbacController.class.php has CSRF, as demonstrated by modifying an administrator account via index.php/admin/user/addpost.html...
CVE-2018-7732
An issue was discovered in YxtCMF 3.1. SQL Injection exists in ShitiController.class.php via the ids array parameter to exam/shiti/delshiti.html...
CVE-2018-7733
An issue was discovered in YxtCMF 3.1. RbacController.class.php has CSRF, as demonstrated by modifying an administrator account via index.php/admin/user/addpost.html...
CVE-2018-7733
An issue was discovered in YxtCMF 3.1. RbacController.class.php has CSRF, as demonstrated by modifying an administrator account via index.php/admin/user/addpost.html...
CVE-2018-7733
CVE-2018-7733 affects YxtCMF 3.1. The root cause is a CSRF vulnerability in RbacController.class.php, demonstrated by modifying an administrator account via index.php/admin/user/add_post.html. This CSRF flaw could allow an attacker to alter admin information without proper authorization. The conn...
CVE-2018-7733
An issue was discovered in YxtCMF 3.1. RbacController.class.php has CSRF, as demonstrated by modifying an administrator account via index.php/admin/user/addpost.html...
CVE-2018-7732
CVE-2018-7732 affects YxtCMF 3.1 and is a SQL Injection in ShitiController.class.php, triggered by the ids array parameter to exam/shiti/delshiti.html. The issue is confirmed across multiple sources in the connected documents, which describe the vulnerable component and entry point but do not pro...
CVE-2018-7732
An issue was discovered in YxtCMF 3.1. SQL Injection exists in ShitiController.class.php via the ids array parameter to exam/shiti/delshiti.html...
SQL injection vulnerability in YxtCMF frontend ShitiController.class.php page
YxtCMF Yi Xue Tang Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. A SQL injection vulnerability exists in the YxtCMF frontend ShitiController.class.php page. The vulnerability is due to the system failing to effectively filter...