0.1AI Score
Message boards, as an interactive medium between a web page and its viewers, are popular; almost every site, large or small, has one, so the message board is now a key protagonist of the site, yet its security is not seriously considered. Listed here, for when making a guestbook, are the three big...
0.1AI Score
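CVE ID: CVE-2014-1944. Ilch CMS is a content management system. User data passed in the "text" HTTP POST parameter to the "/index.php/guestbook/index/newentry" URL is not sufficiently filtered. A remote unauthenticated user can send a specially crafted HTTP POST request that permanently injects and executes arbitrary HTML and script code. Ilch CMS 2.0. Vendor patch: Ilch CMS. The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...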
-0.8AI Score
0.003EPSS
Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to...
5.6AI Score
0.003EPSS
Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to...
5.6AI Score
0.003EPSS
Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to...
6.1AI Score
0.003EPSS
Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to...
5.6AI Score
0.003EPSS
Ilch CMS 2.0 - Persistent XSS Vulnerability
Ilch CMS version 2.0 suffers from a cross site scripting...
-0.4AI Score
0.003EPSS
-0.4AI Score
0.003EPSS
6.6AI Score
EPSS
-0.2AI Score
0.003EPSS
Cross-Site Scripting (XSS) in Ilch CMS
High-Tech Bridge Security Research Lab discovered a vulnerability in Ilch CMS, which can be exploited to perform Cross-Site Scripting (XSS) attacks against users and administrators of the vulnerable application. 1) Cross-Site Scripting (XSS) in Ilch CMS: CVE-2014-1944 The vulnerability exists due to...
0.3AI Score
0.003EPSS
7.1AI Score
0.1AI Score
This system is used mostly by government portals; going by a Google search for inurl:gov. cn/jcms, the number is not very large. Multiple arbitrary file downloads; affected versions unknown, probably all are affected. 1. http://target/jcms/m_5_9/sendreport/downfile.jsp?filename=/etc/passwd&savename=passwd.txt To get to the.....
0.9AI Score
cmstop through the kill injection vulnerability-vulnerability warning-the black bar safety net
Played with this vulnerability for a few months. Saw that the expert ztz over at the nine zones released an exp. Vulnerable file: /apps/vote/controller/vote.php app.xxx.com/?app=vote&controller=vote&action=total&contentid=1 To obtain an administrator id ? app=vote&controller=vote&action=total&contentid=1 and 1=2 union.....
0.3AI Score
0.2AI Score
0.002EPSS
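Brief description: Multiple arbitrary file downloads; affected versions unknown, probably all are affected. Details: http://target/jcms/m_5_9/sendreport/downfile.jsp?filename=/etc/passwd&savename=passwd.txt To get the site path, visit http://target/jcms/m_5_9/sendreport/ and then generate a report; the path is shown there....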
7.1AI Score
7.4AI Score
Advanced Guestbook - addentry.php Arbitrary File Upload
Advanced Guestbook - addentry.php Arbitrary File...
0.2AI Score
-0.2AI Score
7.4AI Score
0.3AI Score
0.3AI Score
Dream Flash website management system FCMS v5.9 the latest vulnerability 0day The database address: xmlEditor/database/####@@@datas.mdb Background xmleditor/login.asp admin/admin Message database: guestbook/db/sywl.asp the cookie injected into the drain Vulnerability file: xml/text.asp...
0.4AI Score
WordPress Plugin FuneralPress 1.1.6 - Persistent Cross-Site Scripting
WordPress Plugin FuneralPress 1.1.6 - Persistent Cross-Site...
-0.3AI Score
7.1AI Score
7.4AI Score
EPSS
-0.1AI Score
Bernard guestbook 4.1 official version: when posting a comment, the attachment upload allows an executable ASP file to be uploaded directly. 'If Action="addsave" Then KeywordsFilter(FilterKeyWord) Dim RequestU,intCount,i,formName,FileSavePath,FileSaveName,uploadsDirVar RelatePath="" FileSavePath="./...
1.7AI Score
7.1AI Score
MTP Guestbook 1.0 - Multiple Cross-Site Scripting Vulnerabilities
MTP Guestbook 1.0 - Multiple Cross-Site Scripting...
0.2AI Score
7.4AI Score
-0.1AI Score
MTP Guestbook 1.0 Multiple Remote Script Insertion Vulnerabilities
Title: MTP Guestbook 1.0 Multiple Remote Script Insertion Vulnerabilities Advisory ID: ZSL-2013-5131 Type: Local/Remote Impact: Cross-Site Scripting Risk: (3/5) Release Date: 25.02.2013 Summary MTP Guestbook allows you to put a guestbook on your website. Your visitors can sign it and leave a...
6.3AI Score
Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or....
8AI Score
0.001EPSS
Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or....
8.7AI Score
0.001EPSS
yourphp cms-stored xss-vulnerability warning-the black bar safety net
yourphp is an open source cms developed on the thinkphp framework; it has a stored XSS vulnerability. This vulnerability was found in the demo of the cms; to be persuasive, the official demo is then used to display the XSS process. In yourphp official...
AI Score
dedecms latest sql injection exploit guestbook.php-vulnerability warning-the black bar safety net
Impact version 5.7 Vulnerability file edit.inc.php specific code: <?php if(!defined('DEDEINC')) exit('Request Error!'); if(!empty($_COOKIE['GUEST_BOOK_POS'])) $GUEST_BOOK_POS = $_COOKIE['GUEST_BOOK_POS']; else $GUEST_BOOK_POS = "guestbook.php"; $id = intval($id);...
-0.1AI Score
Impact version 5.7 Vulnerability file edit.inc.php specific code: <?php if(!defined('DEDEINC')) exit('Request Error!'); if(!empty($_COOKIE['GUEST_BOOK_POS'])) $GUEST_BOOK_POS = $_COOKIE['GUEST_BOOK_POS']; else $GUEST_BOOK_POS = "guestbook.php"; $id = intval($id); if(empty($job))...
0.7AI Score
The Woven Dream content management system (DedeCms) is known for being simple, practical and open source; it is the best-known domestic PHP open-source website management system and also the PHP CMS with the most users. Having gone through two years of development, the current version no matter in...
-0.3AI Score
Mavili Guestbook, as released in November 2007, stores guestbook.mdb under the web root with insufficient access control, which allows remote attackers to read the database via a direct...
6.5AI Score
0.005EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Mavili Guestbook, as released in November 2007, allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) approve.asp, (2) delete.asp, (3) edit.asp, or (4)...
5.9AI Score
0.002EPSS
Mavili Guestbook, as released in November 2007, allows remote attackers to edit, delete, and approve arbitrary messages via a direct request to (1) edit.asp, (2) delete.asp, or (3)...
6.8AI Score
0.009EPSS
SQL injection vulnerability in edit.asp in Mavili Guestbook, as released in November 2007, allows remote attackers to execute arbitrary SQL commands via the id...
8.7AI Score
0.002EPSS
Mavili Guestbook, as released in November 2007, allows remote attackers to edit, delete, and approve arbitrary messages via a direct request to (1) edit.asp, (2) delete.asp, or (3)...
7AI Score
0.009EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Mavili Guestbook, as released in November 2007, allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) approve.asp, (2) delete.asp, (3) edit.asp, or (4)...
5.8AI Score
0.002EPSS
Mavili Guestbook, as released in November 2007, stores guestbook.mdb under the web root with insufficient access control, which allows remote attackers to read the database via a direct...
6.8AI Score
0.005EPSS
SQL injection vulnerability in edit.asp in Mavili Guestbook, as released in November 2007, allows remote attackers to execute arbitrary SQL commands via the id...
8.4AI Score
0.002EPSS
SQL injection vulnerability in edit.asp in Mavili Guestbook, as released in November 2007, allows remote attackers to execute arbitrary SQL commands via the id...
9.1AI Score
0.002EPSS