Web Application Vulnerabilities

Last updated: 2020-04-20 12:21:46

| Name | Level | Vulnerability type |
| --- | --- | --- |
| Deserialization RCE vulnerability in Adobe ColdFusion Java RMI | High | Remote code execution |
| SQL injection vulnerability in admin/login.php of BEESCMS | High | SQL injection |
| SQL injection vulnerability in member.php of BEESCMS V4.0 | High | SQL injection |
| Code execution vulnerability in cut_image of CmsEasy 5.5 | High | Remote code execution |
| SQL injection vulnerability in /member/buy_action.php of DedeCMS | High | SQL injection |
| SQL injection vulnerability in /plus/flink_add.php of DedeCMS 5.7 | High | SQL injection |
| Remote file inclusion vulnerability in /install/index.php of DedeCMS 5.7 SP1 | High | File inclusion |
| Stored cross-site scripting (XSS) vulnerability in carbuyaction.php of DedeCMS | High | XSS |
| SQL injection vulnerability in plus/search.php of DedeCMS | High | SQL injection |
| SQL injection vulnerability in /member/mtypes.php of DedeCMS V5.7 SP1 | High | SQL injection |
| Code execution vulnerability in /source/class/class_image.php of Discuz! X2.5 | High | Remote code execution |
| Arbitrary file deletion vulnerability in Discuz! X v3.4 or above | High | Arbitrary file deletion |
| Arbitrary code execution vulnerability on the backend of Discuz! X | High | Remote code execution |
| SQL injection vulnerability in /faq.php of Discuz! 7.2 | High | Remote code execution |
| Pre-authentication SQL injection vulnerability in Drupal < 7.32 | High | SQL injection |
| Code execution vulnerability in the RESTWS module of Drupal 7.x | High | Remote code execution |
| Remote code execution vulnerability in Drupal (SA-CORE-2018-002) | High | Remote code execution |
| Remote code execution in Drupal (SA-CORE-2018-004) | High | Remote code execution |
| Arbitrary PHP code execution and information leakage vulnerabilities in Drupal | High | Remote code execution |
| Blind SQL injection vulnerability in /api/client/lib_api.php of ECShop | High | SQL injection |
| Login authentication bypass vulnerability in /flow.php of ECShop 2.7.3 | High | Horizontal/vertical privilege escalation |
| SQL injection vulnerability in /includes/modules/payment/alipay.php of ECShop 2.7.3 | High | SQL injection |
| SQL injection vulnerability in shophelp.php of ECShop 2.7.3 | High | SQL injection |
| SQL injection vulnerability in comment_manage.php of ECShop | High | SQL injection |
| SQL injection vulnerability in shopinfo.php of ECShop | High | SQL injection |
| Code injection vulnerability in user.php of ECShop | High | Remote code execution |
| GetShell vulnerability due to inadequate filtering on the backend of ECShop | High | Remote privilege escalation |
| Code execution vulnerability in Elasticsearch < 1.2.0 | High | Remote code execution |
| Arbitrary file upload in eWebEditor 3.8 for PHP | High | Arbitrary file upload |
| Remote code execution vulnerability in fastjson | High | Remote code execution |
| Arbitrary file deletion vulnerability in admin/app/model/dbmanageModel.php of FengCMS | High | Arbitrary file deletion |
| SQL injection vulnerability in app/controller/searchController.php of FengCMS | High | SQL injection |
| SQL injection vulnerability in app/model/messageModel.php of FengCMS | High | SQL injection |
| SQL injection vulnerability in app/model/moduleModel.php of FengCMS | High | SQL injection |
| SQL injection vulnerability in system/core/model.php of FengCMS | High | SQL injection |
| File upload vulnerability in controllers/AttachmentController.php of FineCMS | High | Remote code execution |
| Arbitrary file upload in FineCMS | High | Arbitrary file upload |
| File read vulnerability in GitLab | High | Remote code execution |
| Remote code execution vulnerability in Gogs | High | Remote code execution |
| Weak password detection in admin-console of JBoss 4.x–6.x | High | Weak password |
| Unauthorized access vulnerability in JMXInvokerServlet of JBoss | High | Remote code execution |
| Deserialization vulnerability in JBoss JMXInvokerServlet | High | Remote code execution |
| Deserialization remote code execution vulnerability in Jenkins | High | Remote code execution |
| Unauthorized arbitrary file read vulnerability in Jenkins | High | Arbitrary file read |
| Remote code execution vulnerability in Jolokia 1.3.7 | High | Remote code execution |
| Privilege escalation vulnerability in Joomla! 3.4.4–3.6.3 | High | Privilege escalation |
| SQL injection vulnerability in Joomla! 3.2.0–3.4.4 | High | Remote code execution |
| Remote code execution using HTTP headers in Joomla! | High | Remote code execution |
| SQL injection vulnerability in Joomla! 3.7.0 Core | High | Remote code execution |
| Privilege escalation vulnerability in Joomla! Core | High | Remote code execution |
| SQL injection vulnerability in Joomla! Core | High | SQL injection |
| SQL injection vulnerability in admin/admin_conn.php of MacCMS | High | SQL injection |
| SQL injection in MacCMS ASP Edition | High | SQL injection |
| SQL injection vulnerability in inc/ajax.php of MacCMS | High | SQL injection |
| SQL injection vulnerability in /inc/api.php of MacCMS V8 | High | SQL injection |
| SQL injection vulnerability in /inc_module_art.php of MacCMS V8 | High | SQL injection |
| SQL injection vulnerability in inc/user/alipay/alipayapi.php of MacCMS V8 | High | SQL injection |
| SQL injection vulnerability in about/show.php of MetInfo 5.0.4 | High | SQL injection |
| SQL injection vulnerability in /message/access.php of MetInfo 5.1 | High | SQL injection |
| SQL injection vulnerability in job.php of MetInfo 5.1.7 | High | Remote code execution |
| Variable overwriting vulnerability in MetInfo 5.3.1 | High | Password reset |
| SQL injection vulnerability on the frontend of MetInfo 5.3.17 | High | SQL injection |
| SQL injection vulnerability in MetInfo 6.0.0–6.1.2 | High | SQL injection |
| Arbitrary file upload vulnerability in MetInfo v5.1.3 | High | Arbitrary file upload |
| Command execution vulnerability in Nexus Repository Manager OSS 3 | High | Remote code execution |
| Default password of Nexus Repository Manager OSS | High | Weak password |
| SQL injection vulnerability in phpcms/modules/member/index.php of PHPCMS | High | SQL injection |
| SQL injection vulnerability in /phpsso_server/phpcms/modules/phpsso/index.php of PHPCMS V9 | High | SQL injection |
| SQL injection in the WAP module of PHPCMS V9 | High | Remote code execution |
| Arbitrary file upload vulnerability in PHPCMS V9.6.0 | High | Remote code execution |
| Arbitrary file read vulnerability in PHPCMS V9.6.1 | High | Remote code execution |
| SQL injection vulnerability in PHPCMS V9.6.2 | High | Remote code execution |
| Remote code execution in PHPMailer | High | Remote code execution |
| SQL injection vulnerability in search.php of PHPMPS | High | SQL injection |
| SQL injection vulnerability in the user interface of phpMyAdmin | High | SQL injection |
| Arbitrary file inclusion vulnerability in /scripts/setup.php of phpMyAdmin | High | Remote code execution |
| SQL injection vulnerability in the export function of phpMyAdmin 4.6.x, 4.4.x, and 4.0.x | High | SQL injection |
| XSS vulnerability in phpMyAdmin 4.6.x | High | XSS |
| SQL injection vulnerability in the export function of phpMyAdmin 4.6.x | High | SQL injection |
| XSRF/CSRF vulnerability in phpMyAdmin 4.7.x | High | Remote code execution |
| CSRF vulnerability in phpMyAdmin 4.8.0 | High | Remote code execution |
| Remote code execution vulnerability in the dBase extension of phpMyAdmin | High | Remote code execution |
| Function vulnerability in PMA_safeUnserialize() of phpMyAdmin | High | Logic vulnerability |
| Password-free user login configuration failure in phpMyAdmin | High | Logic vulnerability |
| Remote code execution vulnerability in phpMyAdmin | High | Remote code execution |
| Remote code execution by authorized users in phpMyAdmin | High | Remote code execution |
| Code execution vulnerability in /include/common.func.php of PHPMyWind 5.1 | High | Remote code execution |
| SQL injection vulnerability in orderenter.php of PHPMyWind 5.1 | High | SQL injection |
| Arbitrary file upload vulnerability in upLoadOfficeFile.php of PHPOA V4.0 | High | Remote code execution |
| Arbitrary file upload vulnerability in PHPOA V4.0 | High | Remote code execution |
| SQL injection vulnerability in /framework/engine/session_file.php of PHPOK | High | SQL injection |
| SQL injection vulnerability in framework/phpok_call.php of PHPOK | High | SQL injection |
| SQL injection vulnerability in /framework/www/project/control.php of PHPOK v4.1 | High | SQL injection |
| Arbitrary file deletion vulnerability in global.func.php of PHPSHE | High | Arbitrary file deletion |
| SQL injection vulnerability in module/index/order.php of PHPSHE | High | SQL injection |
| SQL injection vulnerability in userbank.php of PHPSHE | High | SQL injection |
| Remote code execution vulnerability in PHPUnit | High | Remote code execution |
| SQL injection vulnerability in ask/model/index.class.php of PHPYUN | High | SQL injection |
| SQL injection vulnerability in member/model/index.class.php of PHPYUN | High | SQL injection |
| SQL injection vulnerability in member/user/model/resume.class.php of PHPYUN | High | SQL injection |
| SQL injection vulnerability in model/redeem.class.php of PHPYUN | High | SQL injection |
| SQL injection vulnerability in zhidao/search.php of Qibo Zhidao | High | SQL injection |
| Remote code execution vulnerability in RichFaces | High | Remote code execution |
| SQL injection vulnerability in circle/control/api.php of ShopNC | High | SQL injection |
| Remote code execution vulnerability in Spring Messaging | High | Remote code execution |
| Directory traversal vulnerability in Spring MVC | High | Information leakage |
| SpEL expression injection vulnerability in Spring Data REST | High | Remote code execution |
| Remote code execution vulnerability in the REST plugin of Struts (S2-052) | High | Remote code execution |
| Remote code execution vulnerability in Struts 2 (S2-016) | High | Remote code execution |
| Remote code execution vulnerability in Struts 2 (S2-032) | High | Remote code execution |
| Remote code execution vulnerability in Struts 2 (S2-045) | High | Remote code execution |
| Update injection vulnerability in ThinkPHP 3.2.3 | High | SQL injection |
| Remote code execution vulnerability in App.php / Module.php of ThinkPHP 5 | High | Remote code execution |
| Remote code execution vulnerability in Request.php of ThinkPHP 5 | High | Remote code execution |
| Arbitrary code execution vulnerability in Dispatcher.class.php of ThinkPHP | High | Remote code execution |
| SQL injection vulnerability in Driver.class.php of ThinkPHP | High | SQL injection |
| SQL injection vulnerability in library/think/db/builder.php of ThinkPHP | High | SQL injection |
| SQL injection vulnerability in Model.class.php of ThinkPHP | High | SQL injection |
| Source code leakage vulnerability in Tomcat 7.x | High | Information leakage |
| Remote command execution vulnerability in Tomcat 7.x | High | Remote code execution |
| Deserialization in Tomcat JmxRemoteLifecycleListener | High | Remote code execution |
| Command execution caused by deserialization in install.php of Typecho | High | Remote code execution |
| Command execution vulnerability caused by external access to uWSGI ports | High | Remote code execution |
| Arbitrary file upload vulnerability in WebLogic WLS | High | Arbitrary file upload |
| Deserialization vulnerability in WebLogic XMLDecoder | High | Remote code execution |
| Deserialization vulnerability in WebLogic | High | Remote code execution |
| Deserialization vulnerability in WebLogic | High | Remote code execution |
| Unauthenticated remote code execution in WordPress Core 4.6 | High | Remote code execution |
| Remote code execution vulnerability in action.php of WordPress MailPress | High | Remote code execution |
| SQL injection vulnerability in photocontroller.php of YXcms | High | SQL injection |
| Brute force SQL injection in YXcms v1.2.7 | High | SQL injection |
| Arbitrary file deletion vulnerability in YXcms | High | Arbitrary file deletion |
| SQL injection vulnerability on the frontend of Z-BlogPHP v1.2 and below | High | SQL injection |
| Authentication mechanism flaw in plugin_edit.php of Z-Blog leading to GetShell | High | Remote code execution |
| SQL injection vulnerability in user/adv2.php of ZZCMS 8.2 | High | SQL injection |
| Arbitrary user password change vulnerability in ZZCMS 8.2 | High | Logic vulnerability |
| SQL injection vulnerability in blog/member/update_sort.php of Qibo Blog | High | SQL injection |
| SQL injection vulnerability in do/js.php of Qibo Blog | High | SQL injection |
| SQL injection vulnerability in inc/common.inc.php of Qibo CMS | High | SQL injection |
| SQL injection vulnerability in Qibo CMS | High | SQL injection |
| SQL injection vulnerability in /member/userinfo.php of Qibo Blog | High | SQL injection |
| Remote code execution vulnerability in do/jf.php of the Qibo categorized information system | High | Remote code execution |
| Remote code execution vulnerability in Apache Struts 2 (S2-053) | Medium | Remote code execution |
| SQL injection vulnerability in /admin/login.php of BlueCMS | Medium | SQL injection |
| SQL injection vulnerability in ad_js.php of BlueCMS | Medium | SQL injection |
| SQL injection vulnerability in comment.php of BlueCMS | Medium | SQL injection |
| Incorrect configuration of crossdomain.xml | Medium | Misconfiguration |
| XSS vulnerability in feedback_ajax.php of DedeCMS | Medium | XSS |
| SQL injection vulnerability in reg_new.php of DedeCMS | Medium | Remote code execution |
| Stored XSS in shops_delivery.php of DedeCMS | Medium | XSS |
| Privilege escalation caused by cross-site request forgery (CSRF) in tpl.php of DedeCMS | Medium | Privilege escalation |
| Arbitrary file upload vulnerability in friendlink_edit.php of DedeCMS v5.7 | Medium | Arbitrary file upload |
| Code execution vulnerability in sys_cache_up.php of DedeCMS v5.7 | Medium | Remote code execution |
| Code execution vulnerability in sys_verifies.php of DedeCMS v5.7 | Medium | Remote code execution |
| Code execution vulnerability on the backend of DedeCMS | Medium | Remote code execution |
| Arbitrary user login vulnerability in DedeCMS | Medium | Logic vulnerability |
| Authkey generation algorithm security vulnerability in Discuz! | Medium | Algorithm security |
| Remote code execution vulnerability in helper_seo.php of Discuz! | Medium | Remote code execution |
| SSRF vulnerability in source/class/extend/extend_thread_image.php of Discuz! X | Medium | SSRF |
| XSS vulnerability in the ranking list of Discuz! X | Medium | XSS |
| GET-type SQL injection vulnerability on the frontend of Discuz! X3.2 | Medium | SQL injection |
| Stored XSS in frontend replies in Discuz! | Medium | XSS |
| Server-side request forgery (SSRF) in Discuz! | Medium | Remote code execution |
| Stored XSS in source/function/function_core.php of Discuz! X | Medium | XSS |
| Access bypass vulnerability in archiver/index.php of Discuz! X3.4 | Medium | Information leakage |
| XSS vulnerability in spacecp_upload.php of Discuz! X3.4 | Medium | XSS |
| SQL injection vulnerability in affiliate_ck.php of ECShop 2.7.3 | Medium | SQL injection |
| Directory traversal in Elasticsearch < 1.4.5 / < 1.5.2 | Medium | Information leakage |
| SQL injection vulnerability in /e/member/list/index.php of EmpireCMS | Medium | SQL injection |
| XSS vulnerability in EmpireCMS | Medium | XSS |
| Command execution caused by CSRF in EmpireCMS | Medium | Remote code execution |
| SQL injection vulnerability in citylist.php of ESPCMS | Medium | SQL injection |
| SQL injection vulnerability in interface/enquiry.php of ESPCMS | Medium | SQL injection |
| SQL injection vulnerability in interface/order.php of ESPCMS | Medium | SQL injection |
| Login authentication bypass vulnerability on the backend of ESPCMS | Medium | SQL injection |
| SQL injection in FineCMS v5.2.0 | Medium | Remote code execution |
| Permission leakage vulnerability in GitLab | Medium | Information leakage |
| XSS comparison vulnerability on the backend of MacCMS ASP Edition | Medium | XSS |
| SQL injection vulnerability in admin_interface.php of MacCMS V8 | Medium | SQL injection |
| Code execution vulnerability in /admin/include/common.inc.php of MetInfo 5.2 | Medium | Remote code execution |
| Code execution vulnerability in lang.php of MetInfo 5.2 | Medium | Remote code execution |
| SQL injection vulnerability in /login_check.php of MetInfo 5.3.1 | Medium | SQL injection |
| Code execution in MetInfo 5.3.17 | Medium | Remote code execution |
| XSS vulnerability in feedback/index.php of MetInfo 6.0 | Medium | XSS |
| SQL injection vulnerability in search.php of MetInfo 5.3 | Medium | SQL injection |
| EL expression injection vulnerability in Nexus Repository Manager OSS 3 | Medium | Remote code execution |
| SQL injection vulnerability in client/user/ourphp_play.class.php of OURPHP | Medium | SQL injection |
| SQL injection vulnerability in /phpcms/modules/video/video_for_ck.php of PHPCMS | Medium | SQL injection |
| Authkey information leakage in PHPCMS | Medium | Information leakage |
| Wide-byte injection in respond.php of PHPCMS | Medium | SQL injection |
| SQL injection vulnerability in add_favorite.php of PHPCMS v9 | Medium | SQL injection |
| Local file read in PHPMailer 5.2.21 | Medium | Arbitrary file read |
| SQL injection vulnerability in member.php of PHPCMS | Medium | SQL injection |
| Certificate verification vulnerability in Config.class.php of phpMyAdmin | Medium | Information leakage |
| Arbitrary file viewing vulnerability in phpMyAdmin server | Medium | Information leakage |
| XSS vulnerability in the table structure page of phpMyAdmin 4.6.x | Medium | XSS |
| GetShell vulnerability on the backend of phpMyAdmin 4.8.1 | Medium | File inclusion |
| SQL injection vulnerability in central_columns.lib.php of phpMyAdmin | Medium | SQL injection |
| XSRF/CSRF token comparison vulnerability in libraries/common.inc.php of phpMyAdmin | Medium | Remote code execution |
| Information leak of messages.inc.php in phpMyAdmin | Medium | Information leakage |
| SQL injection vulnerability in phpMyAdmin | Medium | SQL injection |
| Multiple XSS vulnerabilities in phpMyAdmin | Medium | XSS |
| SQL injection vulnerability in the backend management interface of PHPMyWind 5.0 | Medium | SQL injection |
| SQL injection vulnerability in /admin/infoimg_do.php of PHPMyWind 5.2 | Medium | SQL injection |
| Arbitrary user password reset in PHPMyWind v5.1 | Medium | Horizontal/vertical privilege escalation |
| Arbitrary file upload vulnerability in PHPOK 4.8.338 | Medium | Arbitrary file upload |
| Command execution caused by CSRF in PHPOK | Medium | Remote code execution |
| SQL injection vulnerability in the Host header of PHPOK | Medium | SQL injection |
| Stored XSS in comments in PHPOK | Medium | XSS |
| SQL injection vulnerability in /module/index/product.php of PHPSHE | Medium | SQL injection |
| SQL injection vulnerability in index.php of PHPSHE | Medium | SQL injection |
| SQL injection vulnerability in module/admin/do.php of PHPSHE | Medium | SQL injection |
| SQL injection vulnerability in notify_url_db.php of PHPSHE | Medium | SQL injection |
| Local file inclusion vulnerability in PHPSHE | Medium | File inclusion |
| SQL injection vulnerability in app/controller/weixin/index.class.php of PHPYUN | Medium | SQL injection |
| SQL injection vulnerability in app/public/action.class.php of PHPYUN | Medium | SQL injection |
| SQL injection vulnerability in app/public/action.class.php of PHPYUN | Medium | SQL injection |
| SQL injection vulnerability in member/ajax.class.php of PHPYUN | Medium | SQL injection |
| SQL injection vulnerability in member/com/model/show.class.php of PHPYUN | Medium | SQL injection |
| Privilege escalation vulnerability in member/user/model/expectq.class.php of PHPYUN | Medium | Horizontal/vertical privilege escalation |
| SQL injection vulnerability in member/user/model/show.class.php of PHPYUN | Medium | SQL injection |
| SQL injection vulnerability in wap/member/model/index.class.php of PHPYUN | Medium | SQL injection |
| XML external entity (XXE) vulnerability in Spring Data with integrated XMLBeam | Medium | Remote code execution |
| Remote code execution vulnerability in Spring Security OAuth 2 | Medium | Remote code execution |
| No access control set for app_dev.php of the Symfony framework | Medium | Information leakage |
| SQL injection vulnerability in ThinkPHP 5.x | Medium | SQL injection |
| SQL injection vulnerability in Db.class.php of ThinkPHP | Medium | SQL injection |
| ThinkPHP GetShell caused by a buffer function vulnerability | Medium | Remote code execution |
| SSRF vulnerability in Typecho pingback | Medium | SSRF |
| Stored XSS via a theme file in WordPress 4.6.1 and below | Medium | XSS |
| SSRF in WordPress versions below 4.5 | Medium | SSRF |
| Arbitrary file deletion vulnerability in WordPress 4.9.6 | Medium | Arbitrary file deletion |
| Stored XSS in WordPress Core 4.7 | Medium | XSS |
| Content injection vulnerability in WordPress REST API | Medium | Horizontal/vertical privilege escalation |
| Potential unauthorized password reset in core components of WordPress | Medium | Logic vulnerability |
| CSRF vulnerability in index.php of WUZHICMS 4.1.0 | Medium | Remote code execution |
| SQL injection vulnerability in coreframe/app/tags/index.php of WUZHICMS | Medium | SQL injection |
| Stored XSS in myissue.php of WUZHICMS | Medium | XSS |
| SQL injection vulnerability in order_goods.php of WUZHICMS | Medium | SQL injection |
| Stored XSS in comment.php of YiqiCMS | Medium | Remote code execution |
| SQL injection vulnerability in linkController.php of YXcms | Medium | SQL injection |
| Arbitrary file deletion in YXcms v1.2.6 | Medium | Arbitrary file deletion |
| Unauthorized usage of the account deposit balance in YXcms v1.2.7 | Medium | Logic vulnerability |
| Stored XSS in YXcms v1.3.1 | Medium | XSS |
| Unauthorized modification of arbitrary user information and acquisition of arbitrary user passwords in YXcms | Medium | Logic vulnerability |
| Arbitrary code execution caused by a file upload vulnerability in app.php of Z-Blog | Medium | Arbitrary file upload |
| SQL injection vulnerability in dl/dl_sendsms.php of ZZCMS 8.2 | Medium | SQL injection |
| Remote code execution vulnerability in install/index.php of ZZCMS 8.2 | Medium | Remote code execution |
| Arbitrary file deletion vulnerability in user/adv.php of ZZCMS 8.2 | Medium | Arbitrary file deletion |
| Arbitrary file deletion vulnerability in user/manage.php of ZZCMS 8.2 | Medium | Arbitrary file deletion |
| Arbitrary file deletion vulnerability in user/ppsave.php of ZZCMS 8.2 | Medium | Arbitrary file deletion |
| SQL injection vulnerability in admin/logincheck.php of ZZCMS | Medium | SQL injection |
| SQL injection vulnerability in dl/dl.php of ZZCMS | Medium | SQL injection |
| SQL injection vulnerability in dl/search.php of ZZCMS | Medium | SQL injection |
| SQL injection vulnerability in special/search.php of ZZCMS | Medium | SQL injection |
| SQL injection vulnerability in user/logincheck.php of ZZCMS | Medium | SQL injection |
| SQL injection vulnerability in control.php of chanzhiCMS | Medium | SQL injection |
| SQL injection in system/module/message/control.php of chanzhiCMS | Medium | SQL injection |
| Arbitrary code execution caused by a file upload vulnerability in EmpireCMS 6.6 | Medium | Arbitrary file upload |
| Remote password change vulnerability in Qibo Blog | Medium | SQL injection |
| SQL injection vulnerability in blog/member/postlog.php of Qibo Blog | Medium | SQL injection |
| SQL injection vulnerability in showsp.php and list.php of the Qibo CMS video system | Medium | SQL injection |
| XSS vulnerability in search.php of Qibo Information | Medium | XSS |
| SQL injection vulnerability in /zhidao/ask.php of Qibo Zhidao | Medium | SQL injection |
| SQL injection vulnerability in /zhidao/editbaike.php of Qibo Zhidao | Medium | SQL injection |
| SQL injection vulnerability in /zhidao/postbaike.php of Qibo Zhidao | Medium | SQL injection |
| SQL injection vulnerability in listbbs.php of Qibo Blog | Medium | SQL injection |
| SQL injection vulnerability in /exam/exam_order.php of Qibo Exam | Medium | SQL injection |
| Information leakage in .DS_Store | Medium | Information leakage |
| Unrestricted IP source in Apache Server Status | Low | Information leakage |
| Password reset vulnerability in /member/resetpassword.php of DedeCMS | Low | Logic vulnerability |
| XSS vulnerability in space_poll.php of Discuz! X3.4 | Low | XSS |
| Access bypass vulnerability in Drupal Core | Low | Information leakage |
| Verification code bypass logic vulnerability in ECShop V2.7.3 | Low | Logic vulnerability |
| Arbitrary file download vulnerability in app/controller/downController.php of FengCMS | Low | Arbitrary file read |
| Privilege escalation vulnerability in Joomla! | Low | Privilege escalation |
| Two-factor authentication bypass in Joomla! | Low | Algorithm security |
| File inclusion vulnerability in the Console plugin of Kibana | Low | File inclusion |
| Stored XSS in delete.php of MetInfo | Low | XSS |
| SQL injection vulnerability in /function/ourphp_shoppingorders.class.php of OURPHP | Low | SQL injection |
| SQL injection vulnerability in /function/plugs/Comment/product-content.php of OURPHP | Low | SQL injection |
| XSS vulnerability in db_central_columns.php of phpMyAdmin | Low | XSS |
| SQL injection vulnerability in model/register.class.php of PHPYUN | Low | Remote code execution |
| Privilege escalation vulnerability in wap/member/model/com.class.php of PHPYUN | Low | Horizontal/vertical privilege escalation |
| File information leakage vulnerability in svinfo.php of Shopex V4.8.4–4.8.5 | Low | Information leakage |
| XSS vulnerability in WordPress < 4.9.2 | Low | XSS |
| Reflected XSS vulnerability in flashmediaelement.swf of WordPress 4.2.0–4.5.1 | Low | XSS |
| XSS in oEmbed of WordPress 4.4–4.8.1 | Low | XSS |
| Tampering with the audio playlist feature in WordPress | Low | XSS |
| Physical path leakage in the Fancybox for WordPress plugin | Low | Information leakage |
| Password bypass for viewing protected posts in WordPress | Low | Horizontal/vertical privilege escalation |
| XSS vulnerability in the Duplicator Migration plugin of WordPress | Low | XSS |
| SQL injection vulnerability in /user/adv2.php of ZZCMS | Low | SQL injection |
| Reflected XSS vulnerability in system/module/user/control.php of chanzhiCMS | Low | XSS |
| Remote code execution vulnerability in inc/class.inc.php of Qibo CMS | Low | Remote code execution |