11 matches found
EUVD-2018-19300
Malware in sbrugna...
YzmCMS 3.6 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: YzmCMS 3.6 XSS Vulnerability Exploit Author: zzw email protected Vendor Homepage: http://www.yzmcms.com/ Software Link: http://www.yzmcms.com/ Version: 3.6 CVE : CVE-2018-7653 This is a XSS vulnerability than can attack the user...
YzmCMS 3.6 Cross Site Scripting
Exploit Title: YzmCMS 3.6 XSS Vulnerability Date: 2018-04-03 Exploit Author: zzw [email protected] Vendor Homepage: http://www.yzmcms.com/ Software Link: http://www.yzmcms.com/ Version: 3.6 CVE : CVE-2018-7653 This is a XSS vulnerability than can attack the users. poc:...
Design/Logic Flaw
In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter...
CVE-2018-7653
In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter...
CVE-2018-7653
In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter...
CVE-2018-7579
\application\admin\controller\updateurls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/updateurls/updatecategoryurl.html...
CVE-2018-7579
\application\admin\controller\updateurls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/updateurls/updatecategoryurl.html...
Path traversal
YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/install/templates/s1.php...
CVE-2018-7479
YzmCMS 3.6 is affected by CVE-2018-7479, a path-disclosure/info-disclosure vulnerability. A remote attacker can discover the full server path by issuing a direct request to application/install/templates/s1.php. The issue is categorized as information disclosure with impact limited to confidential...
CVE-2018-7479
YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/install/templates/s1.php...