CatBot v0.4.2 (PHP) - SQL Injection Vulnerability
Document Title: CatBot v0.4.2 (PHP) - SQL Injection Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1408 Release Date: 2015-01-15 Vulnerability Laboratory ID (VL-ID): 1408 Common Vulnerability Scoring System: 7.3 Product & Service Introduction: CatBot is a...
CatBot 0.4.2 SQL Injection Vulnerability
CatBot version 0.4.2 suffers from a remote SQL injection...
Brief description: Injection point: www.yonyou.com.hk/new/download_view.php?uid=4 Details: 2. Database: 39 tables in db1007112_ufida Database: db1007112_ufida [39 tables] +-------------------------+ | admin_log | | adpic | | app_cat | | app_company | | app_file | |...
lorente.ch Open Redirect vulnerability
Open Bug Bounty ID: OBB-53326 Description| Value ---|--- Affected Website:| lorente.ch Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks,...
Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities
Document Title: Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities References (Source): http://www.vulnerability-lab.com/get_content.php?id=1386 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2239 CVE-ID: CVE-2014-2239 Release Date: 2014-12-24 Vulnerability Laboratory ID (VL-ID):...
Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities
Exploit for php platform in category web...
Persistent XSS Vulnerability in CMS Papoo Light v6.0.0 Rev. 4701
Advisory: Persistent XSS Vulnerability in CMS Papoo Light v6 Advisory ID: SROEADV-2014-01 Author: Steffen Rösemann Affected Software: CMS Papoo Version 6.0.0 Rev. 4701 Vendor URL: http://www.papoo.de/ Vendor Status: fixed CVE-ID: - ========================== Vulnerability Description:...
CMS Papoo 6.0.0 Rev. 4701 - Persistent Cross-Site Scripting
CMS Papoo 6.0.0 Rev. 4701 - Persistent Cross-Site...
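Brief description: Multiple blind XSS issues in 大米CMS that reach the admin backend. Details: Multiple XSS issues in 大米CMS can be used for blind XSS against the admin backend, and the 大米CMS backend has a large number of SQL injections, so once inside the backend, obtaining data is not a problem. First instance: file /Web/Lib/Action/GuestbookAction.class.php public function update() { //output gb2312 encoding; ajax converts to utf-8 by default header("Content-type: text/html; charset=utf-8"); if(!isset($_POST['author']) or...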
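Brief description: Why do we choose the GET type? Because when a GET-type request is stored in the database, the administrator does not notice it when it is triggered, and it can be carried out through an image and the like. We then store an XSS backdoor, so that we can load a remote JS, which bypasses all token and referer checks. Details: First we analyze a piece of source code: celive/admin/system.php:(line:128-142): `` if($do == 'add' and $username != '') { $password = addslashes($_REQUEST['password']); $password =...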
Brief description: Injection. Details: Still the get_ip problem, guestbook.php line 102 ``` if ($rec == 'insert') { /* Defense against cross-site request forgery (CSRF) */ if ($firewall->check_token($_POST['token'])) { /* HTML security filter */ $_POST = $firewall->dou_filter($_POST); $ip = $dou->get_ip(); $add_time = time(); $vcode =...
Telekorn Signkorn Guestbook 1.x index.php dir_path Parameter Remote File Inclusion
No description provided by...
Signkorn Guestbook <= 1.3 (dir_path) Remote File Include Vulnerability
No description provided by...
@lexPHPTeam @lex Guestbook 3.12 Remote PHP File Include Vulnerability
No description provided by...
Telekorn Signkorn Guestbook 1.x help/de/adminhelp3.php dir_path Parameter Remote File Inclusion
No description provided by...
Advanced Guestbook 2.4.2 Picture.PHP Cross-Site Scripting Vulnerability
No description provided by...
Telekorn Signkorn Guestbook 1.x admin/log.php dir_path Parameter Remote File Inclusion
No description provided by...
CS-Guestbook 0.1 Login Credentials Information Disclosure Vulnerability
No description provided by...
My Little Homepage Products BBCode Link Tag Script Injection Vulnerability
No description provided by...
Advanced GuestBook 2.x Addentry.PHP Remote File Include Vulnerability
No description provided by...