55 matches found
ZeroCMS Privilege Escalation & SQL Injection Vulnerabilities
ZeroCMS is prone to privilege escalation, cross-site scripting and sql injection vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...
ZeroCMS 1.0 - zero_transact_user.php, Handling Privilege Escalation
Exploit for php platform in category web applications import sys,getopt,cookielib,urllib2,urllib ZeroCMS 1.0 zerotransactuser.php Impropper Form post hanling, parameter polution Vendor: Another Awesome Stuff Product web page: http://www.aas9.in/zerocms/ author: email protected Tested on: php 5.4....
ZeroCMS 1.0 - zero_transact_user.php Handling Privilege Escalation
ZeroCMS 1.0 - zerotransactuser.php Handling Privilege Escalation import sys,getopt,cookielib,urllib2,urllib ZeroCMS 1.0 zerotransactuser.php Impropper Form post hanling, parameter polution Vendor: Another Awesome Stuff Product web page: http://www.aas9.in/zerocms/ author: [email protected]...
ZeroCMS 1.0 - 'zero_transact_user.php' Handling Privilege Escalation
import sys,getopt,cookielib,urllib2,urllib ZeroCMS 1.0 zerotransactuser.php Impropper Form post hanling, parameter polution Vendor: Another Awesome Stuff Product web page: http://www.aas9.in/zerocms/ author: [email protected] Tested on: php 5.4.27 OSVDB ID: 108025 description Summary: ZeroC...
ZeroCMS 1.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications ZeroCMS 1.0 articleid SQL Injection Vulnerability Vendor: Another Awesome Stuff Product web page: http://www.aas9.in/zerocms/ Affected version: 1.0 Summary: ZeroCMS is a very simple Content Management System built using PHP and MySQL. Desc:...
CVE-2014-4034
SQL injection vulnerability in zeroviewarticle.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the articleid parameter...
Sql injection
SQL injection vulnerability in zeroviewarticle.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the articleid parameter...
CVE-2014-4034
CVE-2014-4034 concerns ZeroCMS 1.0, where a SQL injection flaw exists in zero_view_article.php via the article_id parameter. The vulnerability allows remote attackers to manipulate SQL queries and potentially access or alter data in the backend. The issue is documented with a base CVSS v2 score o...
CVE-2014-4034
SQL injection vulnerability in zeroviewarticle.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the articleid parameter...
ZeroCMS 1.0 - zero_view_article.php SQL Injection
ZeroCMS 1.0 - zeroviewarticle.php SQL Injection ZeroCMS 1.0 articleid SQL Injection Vulnerability Vendor: Another Awesome Stuff Product web page: http://www.aas9.in/zerocms/ Affected version: 1.0 Summary: ZeroCMS is a very simple Content Management System built using PHP and MySQL. Desc: Input...
ZeroCMS 1.0 - 'zero_view_article.php' SQL Injection
ZeroCMS 1.0 articleid SQL Injection Vulnerability Vendor: Another Awesome Stuff Product web page: http://www.aas9.in/zerocms/ Affected version: 1.0 Summary: ZeroCMS is a very simple Content Management System built using PHP and MySQL. Desc: Input passed via the 'articleid' GET parameter to...
ZeroCMS 1.0 SQL Injection
ZeroCMS 1.0 articleid SQL Injection Vulnerability Vendor: Another Awesome Stuff Product web page: http://www.aas9.in/zerocms/ Affected version: 1.0 Summary: ZeroCMS is a very simple Content Management System built using PHP and MySQL. Desc: Input passed via the 'articleid' GET parameter to...
ZeroCMS 1.0 (article_id) SQL Injection Vulnerability
Summary ZeroCMS is a very simple Content Management System built using PHP and MySQL. Description Input passed via the 'articleid' GET parameter to zeroviewarticle.php script is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting...
ZeroCMS 1.0 Alpha - Arbitrary File Upload SQL Injection
ZeroCMS 1.0 Alpha - Arbitrary File Upload SQL Injection | | | / | |\ \ / | / |/ | | | | |/ \ | | | |||| | | /| / / | | Zero CMS Remote Arbitrary File Upload / SQL Injections | | Version: = 1.0 Alpha Last | | Vendor: www.zero-cms.com | | Discovered by: KiNgOfThEwOrLd | | Intro: | | | | An...
ZeroCMS 1.0 Alpha - Arbitrary File Upload / SQL Injection
| | | / | |\ \ / | / |/ | | | | |/ \ | | | |||| | | /| / / | | Zero CMS Remote Arbitrary File Upload / SQL Injections | | Version: = 1.0 Alpha Last | | Vendor: www.zero-cms.com | | Discovered by: KiNgOfThEwOrLd | | Intro: | | | | An attacker can bypass the avatar upload extension filter editing...