Seebug: Most viewed

56796 matches found

seebug.org
added 2015/09/21 12:00 a.m., 190 views

JCMS opr_classajax.jsp SQL Injection Vulnerability

Vulnerable file: /jcms/jcmsfiles/jcms1/web1/site/module/sitesearch/oprclassajax.jsp Vulnerable parameter: ?classid=11 Cause: the parameter is not filtered at all, which leads directly to injection. Analysis: the oprclassajax.jsp file: <%@page language="java" contentType="text/html; charset=UTF-8"%> <%@page import="com.hanweb.common.util.Convert"%> <%@page import="jcms.dbmanager.Manager"%> <%@page...

AI score: 7
Exploits: 0

seebug.org
added 2015/01/12 12:00 a.m., 190 views

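Qingguo Academic Affairs System: Multiple Vulnerabilities Allow a Full-Site Database Dump

Brief description: WAF bypass. Details: 1. A reusable CAPTCHA leads to a credential-stuffing vulnerability. This year, with Gmail abroad and several large domestic e-commerce sites hit by credential-stuffing attacks, credential stuffing has become a high-risk vulnerability. Through credential stuffing, attackers can steal large numbers of accounts as a means for further attacks. The Qingguo academic affairs system, in use at many universities nationwide, does not invalidate its CAPTCHA, so it can be reused, and student information can ultimately be obtained through some brute-force enumeration. Google: intitle:"学生综合管理系统" inurl:"xsweb" turns up quite a few Qingguo management systems. Main site login. Case 1. http://xsweb.uvu.edu.cn/ First, the student ID is obtained through social engineering:...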

AI score: 7.1
Exploits: 0

seebug.org
added 2012/02/04 12:00 a.m., 190 views

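Apache Tomcat Request Object Security Restriction Bypass Vulnerability

BUGTRAQ ID: 51442 CVE ID: CVE-2011-3375 Apache Tomcat is a popular open-source JSP application server. The Apache Tomcat implementation contains a security restriction bypass vulnerability; successful exploitation allows an attacker to bypass certain security policy restrictions. 0 Apache Group Tomcat 7.x Apache Group Tomcat 6.x Vendor patch: Apache Group ------------ The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://jakarta.apache.org/tomcat/index.html...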

CVSS: 5, AI score: 4.7, EPSS: 0.06694
Exploits: 2

seebug.org
added 2010/02/02 12:00 a.m., 190 views

Vermillion FTP Deamon v1.31 Remote BOF Exploit

No description provided by source. Exploit Title: Vermillion FTP Deamon Remote BOF Exploit Date: 29/01/2010 Author: Dzattacker Software Link: http://www.softsea.com/download/Vermillion-FTP-Daemon.html Version: 1.31 Tested on: Windows xp sp3 Code : #!/usr/bin/python + Original :...

AI score: 7.1
Exploits: 0

seebug.org
added 2021/04/20 12:00 a.m., 189 views

Ubuntu Privilege Escalation Vulnerability (CVE-2021-3493)

...

CVSS: 7.2, AI score: 0.8, EPSS: 0.43988
Exploits: 27

seebug.org
added 2018/07/09 12:00 a.m., 189 views

Aurora IDEX Membership (IDXM), ERC20 Token, allows attackers to acquire contract ownership (CVE-2018-10666)

Abstract I found a new vulnerability in smart contract of IDXM Token (CVE-2018-10666)[1]. Attackers can acquire contract ownership because the setOwner function is declared as public. A new owner can subsequently bypass intended access restrictions by, for example, calling uploadBalances. Details In...

AI score: 3.1, EPSS: 0.00971
Exploits: 1

seebug.org
added 2017/05/18 12:00 a.m., 189 views

Oracle PeopleSoft Remote Code Execution: Blind XXE to SYSTEM Shell

Oracle PeopleSoft I had the chance, a few months ago, to audit several Oracle PeopleSoft solutions, including PeopleSoft HRMS and PeopleTool. Despite several undocumented CVEs, the Internet did not have much to offer on how to attack the software, except for the very informative talk from ERPScan...

CVSS: 6.4, AI score: 7.4, EPSS: 0.25832
Exploits: 9

seebug.org
added 2014/07/01 12:00 a.m., 189 views

Lazarus Guestbook 1.6 codes-english.php show Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/18956/info Lazarus Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 189 views

FileSeek CGI Script Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6783/info FileSeek is an example cgi-script from The CGI/Perl Cookbook from John Wiley & Sons. The script is written and maintained by Craig Patchett. It is mainly used to find and download files on a web server. It has...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 189 views

TSEP <= 0.942 (colorswitch.php) Remote Inclusion Vulnerability

No description provided by source. Script: TSEP <= 0.942 URL: www.tsep.info Discovered: beford xbefordx gmail com Comments: register_globals must be enabled duh. document.this != http://www.milw0rm.com/exploits/2098 Vulnerable Files/Code:...

AI score: 7.1
Exploits: 0

seebug.org
added 2013/09/19 12:00 a.m., 189 views

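Dahan Bantong JCMS Content Management System SQL Injection Vulnerability

Brief description: In the Dahan Bantong JCMS content management system, a parameter is passed into a database query without sanitization, resulting in a SQL injection vulnerability that can be used to log in to the admin backend, among other things. The version currently confirmed vulnerable in testing is JCMS2010. Details: 1. On the default admin login page of the Dahan Bantong JCMS content management system JCMS2010, the user name is passed into a database query without sanitization, resulting in a SQL injection vulnerability. 2. Exploitation test: Admin login page: http://www.target.com/jcms/ User name: x' union select...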

AI score: 7.1
Exploits: 0

seebug.org
added 2008/10/08 12:00 a.m., 189 views

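Lighttpd 'mod_userdir' Case-Sensitive Comparison Security Bypass Vulnerability

BUGTRAQ ID: 31600 CVE ID: CVE-2008-4360 CNCVE ID: CNCVE-20084360 Lighttpd is an open-source web server. The Lighttpd 'mod_userdir' module has a security bypass issue; a remote attacker can exploit it to bypass some security restrictions and obtain sensitive information. lighttpd...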

CVSS: 7.8, EPSS: 0.04345
Exploits: 1

seebug.org
added 2017/09/25 12:00 a.m., 188 views

DedeCMS Latest Version Admin Backend Getshell

Download the latest official installation package: http://updatenew.dedecms.com/base-v57/package/DedeCMS-V5.7-UTF8-SP2.tar.gz Environment: Linux + phpstudy. Upload an image and capture the request: POST /dedecms/include/dialog/selectimagespost.php?CKEditor=body&CKEditorFuncNum=2&langCode=zh-cn HTTP/1.1 Host: Content-Length: 42080 Cache-Control: max-age=0 Origin: http://...

AI score: 7.1
Exploits: 0

seebug.org
added 2016/03/07 12:00 a.m., 188 views

JEECMS Stored XSS Vulnerability Caused by an XssFilter Flaw

Brief description: Bypass of the built-in XssFilter. Details: Download the latest jeecmsV7 from the official site http://.../fabu/41667.jhtml Its web.xml configures XssFilter as follows: XssFilter ...mon.web.XssFilter excludeUrls /member/contribute@/jeeadmin/jeecms@/flowstatistic SplitChar @ FilterChar '@"@@@:@%@ ReplaceChar ‘@“@\@#@:@%@> The code in ...mon.web.XssFilter is as follows: public class...

AI score: 7.1
Exploits: 0

seebug.org
added 2015/09/30 12:00 a.m., 188 views

StrongSoft (Sichuang) Disaster Early Warning System Error-Based SQL Injection (queryvalue Parameter)

No description provided by source...

AI score: 7.1
Exploits: 0

seebug.org
added 2009/09/25 12:00 a.m., 188 views

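nginx WebDAV Directory Traversal Vulnerability

BUGTRAQ ID: 36490 nginx is a multi-platform HTTP server and mail proxy server. nginx can be used as a WebDAV publishing server; through WebDAV, users can copy or move files from one location to another. The MOVE and COPY methods require a Destination: HTTP header that specifies where the file is to be placed. If characters such as "../" are used in this header, an attacker can traverse the directory tree and place files outside the webroot. nginx runs with the privileges of the nobody user by default, so this bug is not severe, because an attacker can only write files to /tmp/ or to directories owned by nobody. In addition, the attack requires WebDAV upload permission. Igor Sysoev nginx...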

AI score: 6.9
Exploits: 0

seebug.org
added 2006/09/15 12:00 a.m., 188 views

Limbo CMS <= 1.0.4.2L (com_contact) Remote Code Execution Exploit

No description provided by source. #!/usr/bin/php -q -d short_open_tag=on <? print_r(' ----------------------------------------------------------------------------- Limbo <= 1.0.4.2L "com_contact" remote commands execution exploit by rgod [email protected] site: http://retrogod.altervista.org dorks:...

AI score: 7.1
Exploits: 0

seebug.org
added 2009/04/21 12:00 a.m., 187 views

TotalCalendar 2.4 (inc_dir) Remote File Inclusion Vulnerability

No description provided by source. //// //1 9 2 3 T U R K - G R U P// //// //-----------------------------------------------------------------------// --+-- Home Page : "http://www.simpoe.com/" Download : "http://www.simpoe.com/calendre/TotalCalendar2.4.zip" ScriptName: "Simpoe Event Calendar"...

AI score: 7.1
Exploits: 0

seebug.org
added 2008/03/22 12:00 a.m., 187 views

ZyXEL ZyWALL Quagga/Zebra (default pass) Remote Root Vulnerability

No description provided by source. Name: ZyXEL ZyWALL Quagga/Zebra Remote Root Vulnerability Release Date: 10 March 2008 Discover: Pranav Joshi [email protected] Vendor: ZyXEL Products Affected: ZyWALL Status on other affected products & firmwares pending from vendor’s end CVE-2008-1160 BID...

CVSS: 7.5, AI score: 6.6, EPSS: 0.14761
Exploits: 5

seebug.org
added 2007/11/14 12:00 a.m., 187 views

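PHP-Nuke Advertising Module Modules.PHP SQL Injection Vulnerability

PHP-Nuke Advertising Module is a PHP-based web application. PHP-Nuke Advertising Module does not properly filter user-supplied URI data; a remote attacker can exploit this to carry out SQL injection attacks and obtain sensitive information or manipulate the database. The problem is that the 'Modules.PHP' script does not filter user-supplied web parameters; submitting a malicious SQL query as parameter data can alter the original SQL logic, yielding sensitive information or possibly manipulating the database. PHP-Nuke Advertising Module 0.9 Upgrade to the latest PHP-Nuke Advertising Module 0.9...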

AI score: 7.1
Exploits: 0

seebug.org
added 2016/02/19 12:00 a.m., 186 views

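jact Dahan Online Interactive Management Platform Front-End Getshell

Brief description: The jact system is an online interactive management platform for government agencies developed by Nanjing Dahan Network Co., Ltd. The platform is widely used in government departments. Details: The jact system is an online interactive management platform for government agencies developed by Nanjing Dahan Network Co., Ltd. The platform is widely used in government departments. The jact front-end letter-writing feature allows arbitrary file upload, leading to getshell. Vulnerable URL: http://www.anxiang.gov.cn/jact/front/frontmailwrite.action The attachment upload section allows arbitrary file upload; this feature validates the file name only on the front end: function isattachfile,ImageFileExtend,isAlert...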

AI score: 7.1
Exploits: 0

seebug.org
added 2015/11/25 12:00 a.m., 186 views

Huawei eSpace 8950 IP Phone Denial of Service Vulnerability

No description provided by source...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 186 views

Mambo MGM Component <= 0.95r2 Remote Inclusion Vulnerability

No description provided by source. ---------------------------------------------------- Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities ---------------------------------------------------- Discovered By A-S-T TEAM WE ARE CrAsHoVeRrIdE & BLACK-CODE & MR-HCR...

AI score: 7.1
Exploits: 0

seebug.org
added 2018/05/04 12:00 a.m., 185 views

NagiosXI <= 5.4.12 info.php SQL injection(CVE-2018-10736)

NagiosXI <= 5.4.12 info.php SQL injection (CVE-2018-10736) Description A SQL injection issue was discovered in Nagios XI via the admin/info.php key1 parameter. Affected Version Nagios XI 5.2.x Nagios XI 5.4.x before 5.4.13 Proof of concept...

AI score: 2, EPSS: 0.42556
Exploits: 2

seebug.org
added 2017/03/09 12:00 a.m., 185 views

Linux kernel local privilege escalation flaw in n_hdlc(CVE-2017-2636)

This article discloses the exploitation of CVE-2017-2636, which is a race condition in the n_hdlc Linux kernel driver (drivers/tty/n_hdlc.c). The described exploit gains root privileges bypassing Supervisor Mode Execution Protection (SMEP). This driver provides HDLC serial line discipline and comes as ...

CVSS: 7.2, AI score: 7.6, EPSS: 0.03723
Exploits: 11

seebug.org
added 2016/04/23 12:00 a.m., 185 views

Yingshi Coremail XT3.0 Stored XSS in Attachments

No description provided by source...

AI score: 7.1
Exploits: 0

seebug.org
added 2016/04/14 12:00 a.m., 185 views

ProjectSend r582 Multiple (Persistent) XSS Vulnerabilities

No description provided by source...

AI score: 7.1
Exploits: 0

seebug.org
added 2016/04/01 12:00 a.m., 185 views

Wordpress Bonuspressx Plugin ar_submit.php Cross-Site Scripting Vulnerability

No description provided by source...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 185 views

Pligg <= 9.9.0 - Remote Code Execution Exploit

No description provided by source. #!/usr/bin/perl -w use LWP::UserAgent; use MIME::Base64; use Digest::MD5 qwmd5hex; use Getopt::Std; getopts'h:', %args; print \n; print Pligg <= 9.9 Remote Code Execution Exploit \n; print \n; dork = Powered By Pligg + Legal: License and Source Proxy address...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 185 views

CartWIZ 1.10 ProductDetails.ASP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13332/info CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query. Successful exploitatio...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 185 views

Thomson SpeedTouch 2030 SIP Empty Message Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25464/info Thomson SpeedTouch 2030 is prone to a denial-of-service vulnerability because the device fails to handle specially crafted SIP INVITE messages. Exploiting this issue allows remote attackers to cause the device ...

AI score: 7.1
Exploits: 0

seebug.org
added 2016/05/20 12:00 a.m., 184 views

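Linux Kernel Keyrings Reference Count Overflow UAF Vulnerability

Vulnerability analysis: This Linux kernel vulnerability has two effects. The first is an information leak that can bypass ASLR; the other is a UAF leading to code execution. It relies on two flaws in the keyring mechanism: one is lax control over keyring operations, the other is lax control over the keyring reference count variable. The conditions for achieving code execution are relatively demanding. The vulnerability is analyzed in detail below. Keyring information leak: Keyrings relate to security keys. A process can request a new keyring of its own and can also replace an old keyring by requesting a new one, which calls the join_session_keyring function. long join_session_keyring(const cha...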

CVSS: 7.2, AI score: 6.9, EPSS: 0.03646
Exploits: 14

seebug.org
added 2016/01/28 12:00 a.m., 184 views

Shop7z show.asp Cookie Injection

No description provided by source...

AI score: 7.1
Exploits: 0

seebug.org
added 2015/09/14 12:00 a.m., 184 views

Yonyou Seeyon A6 Collaboration System createMysql.jsp Information Disclosure

This vulnerability discloses database user accounts and password hashes. Code area: /yyoa/createMysql.jsp /yyoa/ext/createMysql.jsp The code of this file is: <%@ page language="java" %> <%@ page session="true" %> <%@ page isThreadSafe="true" %> <%@ page import="java.sql.*,net.btdz.oa.common.*" %> <% CommonSql.exeUpdate("DELETE FROM mysql.user WHERE User = 'cubetech' ");...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 184 views

deV!L`z Clanportal Gamebase Addon SQL Injection Vulnerability

No description provided by source...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 184 views

PK-Designs PKs Movie Database 3.0.3 'index.php' SQL Injection and Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/27713/info PKs Movie Database is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues could...

AI score: 7.1
Exploits: 0

seebug.org
added 2013/05/17 12:00 a.m., 184 views

nginx 1.3.9-1.4.0 DoS PoC

No description provided by source. #!/usr/bin/env python Exploit Title: nginx v1.3.9-1.4.0 DOS POC CVE-2013-2070 Google Dork: CVE-2013-2070 Date: 16.05.2013 Exploit Author: Mert SARICA - mert . sarica @ gmail . com - http://www.mertsarica.com Vendor Homepage: http://nginx.org/ Software Link:...

CVSS: 5.8, AI score: 9.5, EPSS: 0.11925
Exploits: 3

seebug.org
added 2012/12/29 12:00 a.m., 184 views

ECShop 2.7.3 flow.php SQL Injection Vulnerability

No description provided by source...

AI score: 7.1
Exploits: 0

seebug.org
added 2008/11/16 12:00 a.m., 184 views

Sudo <= 1.6.9p18 (Defaults setenv) Local Privilege Escalation Exploit

No description provided by source. #!/bin/sh Sudo <= 1.6.9p18 local r00t exploit by Kingcope/2008/www.com-winner.com Most lame exploit EVER! Needs a special configuration in the sudoers file: --- "Defaults setenv" so environ vars are preserved : --- May also need the current users password to be...

AI score: 7.1
Exploits: 0

seebug.org
added 2006/05/08 12:00 a.m., 184 views

phpListPro <= 2.01 Multiple Remote File Include Vulnerabilities

No description provided by source. Title: phpListPro <= 2.01 - Remote File Include Vulnerability ----------------------------------------------------------------- Vendor: SmartISoft URL: http://smartisoft.com ----------------------------------------------------------------- Credits: Discovered by:...

AI score: 7.1
Exploits: 0

seebug.org
added 2018/03/13 12:00 a.m., 183 views

duomicms Front-End Global Variable Overwrite Leading to Getshell

...

AI score: 1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 183 views

Symantec Endpoint Protection Manager 12.1.x - SEH Overflow POC

No description provided by source. Exploit-DB mirror: http://www.exploit-db.com/sploits/33056-sepm-secars-poc-v0.3.tar.gz #!/usr/bin/perl -w Exploit Title: Symantec Endpoint Protection Manager 12.1.x - SEH Overflow POC Date: 31 January 2013 Exploit Author: [email protected] a.k.a...

CVSS: 7.9, EPSS: 0.04383
Exploits: 4

seebug.org
added 2007/04/18 12:00 a.m., 183 views

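XOOPS TeamSpeak Display TSDisplay4xoops_block2.PHP Remote File Inclusion Vulnerability

XOOPS TeamSpeak Display is a PHP-based web application. XOOPS TeamSpeak Display does not properly filter user-supplied input; a remote attacker can exploit this to execute arbitrary commands with web server privileges. The problem is that the 'tsdisplay4xoops_block2.php' script does not filter the user-supplied 'xoopsurl' parameter; specifying a file on a remote server as the include parameter can lead to arbitrary command execution with web server privileges. tsdisplay4xoops tsdisplay4xoops 0.1 tsdisplay4xoops tsdisplay4xoops 0.08 No solution is currently available:...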

AI score: 7.1
Exploits: 0

seebug.org
added 2017/04/19 12:00 a.m., 182 views

Pre-Auth MySQL remote DOS (Integer Overflow)(CVE-2017-3599)

MySQL server is affected by a remote DoS attack, which could be exploited by a remote unauthenticated attacker to cause a loss of availability on the targeted service. The issue has been verified to affect 5.6.X branch up to 5.6.35 and 5.7.X branch up to 5.7.17. It is strongly recommended that...

CVSS: 7.8, AI score: 8.3, EPSS: 0.89924
Exploits: 7

seebug.org
added 2014/11/21 12:00 a.m., 182 views

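xpshop Store Management System Stored XSS, Allows Blind XSS Against the Admin Backend

Brief description: This is a store management system, you know how it goes. Details: Demonstrated on the demo. Official site: http://xpshop.cn Demo address: http://hzp.xpshop.cn Demo admin backend: http://etp.xpshop.cn/admin User name: admin Password: 888888 First register a member account. The XSS is located at Member Center -- Address Management -- Recipient Name, where I first insert, then save, and the pop-up appears successfully. Viewing the source then shows that it is stored XSS. Next, pick any item and buy it; the address there is the XSS statement we inserted earlier...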

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/16 12:00 a.m., 182 views

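phpmywind 5.0 Admin Backend GetShell Vulnerability

Brief description: This vulnerability was reported before, but the vendor's fix was incomplete. Details: The filtering code in admin/webcongif.php is as follows. //Force removal of ' //Force removal of the trailing / $vartmp = strreplace"'",'',$row'varvalue'; ifsubstr$vartmp, -1 == '\' $vartmp = substr$vartmp,1,-1; Only the last backslash is filtered, so adding two backslashes is enough····· First modify the site configuration information; configcache.php then becomes: $cfgwebname = '的网站'; $cfgweburl =...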

AI score: 7.1
Exploits: 0

seebug.org
added 2014/06/20 12:00 a.m., 182 views

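FangMail Admin Backend SQL Injection Vulnerability

Brief description: 1. A generic vulnerability. 2. In this case, the mail systems of many (1900+) companies are hosted on the same server, so in theory, how much information would I get? Details: An example: 1. Log in to the admin backend via http://mail.aodacn.com/nmc/cgi/index.cgi 2. The injection point is as follows: http://mail.aodacn.com/nmc/cgi/ann.cgi?mode=editann&sid=gcipW8QUgtZsKVRpHWPKcFtjadministrator-aodacncom&annid=47&screen=editann.html where annid is injectable 3. 4...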

AI score: 7.1
Exploits: 0

seebug.org
added 2008/06/05 12:00 a.m., 182 views

MS Internet Explorer Remote Wscript.Shell Exploit

No description provided by source. ----------------------------------------------------- default.htm ------------------------------------------------------- html body img src="cc.exe" width=0 height=0 style=display:none script language="Javascript" function InjectedDuringRedirection...

AI score: 7.1
Exploits: 0

seebug.org
added 2008/01/14 12:00 a.m., 184 views

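Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability

BUGTRAQ ID: 27237 CVE ID: CVE-2007-6388 CNCVE ID: CNCVE-20076388 Apache HTTP Server is an open-source web server. The mod_status module included in Apache HTTP Server has an input validation issue; a remote attacker can exploit it to carry out cross-site scripting attacks and possibly obtain sensitive information from targeted users. The server-status page is not enabled by default. No detailed vulnerability information is currently available. Posadis Posadis 1.3.31 Posadis Posadis 1.3.28 Apache Software Foundation Apache 2.2.6 Apac...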

CVSS: 4.3, AI score: 0.1, EPSS: 0.75891
Exploits: 1

seebug.org
added 2007/12/26 12:00 a.m., 182 views

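Galleria Remote File Inclusion Vulnerability

BUGTRAQ ID: 18808 CVE(CAN) ID: CVE-2006-3396 Galleria is a Mambo component. Galleria has an input validation vulnerability when handling user requests; a remote attacker may exploit it to execute arbitrary commands on the server with the privileges of the web process. The galleria.html.php script in Galleria does not properly validate input to the mosConfig_absolute_path parameter, allowing an attacker to execute arbitrary PHP code by including arbitrary files from local or external resources. Mambo Galleria Component The vendor has not yet provided a patch or upgrade; users of this software are advised to watch the vendor's home page for the latest version:...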

CVSS: 6.8, AI score: 6.4, EPSS: 0.03763
Exploits: 2

Total number of security vulnerabilities: 5000