Deserialization RCE vulnerability in Adobe ColdFusion Java RMI |
High |
Remote code execution |
SQL injection vulnerability in admin/login.php of BEESCMS |
High |
SQL injection |
SQL injection vulnerability in member.php of BEESCMS V4.0 |
High |
SQL injection |
Code execution vulnerability in cut_image of CmsEasy 5.5 |
High |
Remote code execution |
SQL injection vulnerability in /member/buy_action.php of DedeCMS |
High |
SQL injection |
SQL injection vulnerability in /plus/flink_add.php of DedeCMS 5.7 |
High |
SQL injection |
Remote file inclusion vulnerability in /install/index.php of DedeCMS 5.7 SP1 |
High |
File inclusion |
Stored cross-site scripting (XSS) vulnerability in carbuyaction.php of DedeCMS |
High |
XSS |
SQL injection vulnerability in plus/search.php of DedeCMS |
High |
SQL injection |
SQL injection vulnerability in /member/mtypes.php of DedeCMS V5.7 SP1 |
High |
SQL injection |
Code execution vulnerability in /source/class/class_image.php of Discuz! X2.5 |
High |
Remote code execution |
Arbitrary file deletion vulnerability in Discuz!X v3.4 or above |
High |
Arbitrary file deletion |
Arbitrary code execution vulnerability on the backend of Discuz! X |
High |
Remote code execution |
SQL injection vulnerability in /faq.php of Discuz! 7.2 |
High |
Remote code execution |
SQL injection vulnerability in Pre Auth of Drupal < 7.32 |
High |
SQL injection |
Code execution vulnerability in the RESTWS module of Drupal 7.x |
High |
Remote code execution |
Remote code execution vulnerability in Drupal (SA-CORE-2018-002) |
High |
Remote code execution |
Remote code execution in Drupal (SA-CORE-2018-004) |
High |
Remote code execution |
Arbitrary PHP code execution and information leakage vulnerabilities in Drupal |
High |
Remote code execution |
Blind injection vulnerability in /api/client/lib_api.php of ECShop |
High |
SQL injection |
Login authentication bypass vulnerability in /flow.php of ECShop 2.7.3 |
High |
Horizontal/vertical privilege escalation |
SQL injection vulnerability in /includes/modules/payment/alipay.php of ECShop 2.7.3 |
High |
SQL injection |
SQL injection vulnerability in shophelp.php of ECShop 2.7.3 |
High |
SQL injection |
SQL injection vulnerability in comment_manage.php of ECShop |
High |
SQL injection |
SQL injection vulnerability in shopinfo.php of ECShop |
High |
SQL injection |
Code injection vulnerability in user.php of ECShop |
High |
Remote code execution |
GetShell vulnerability due to inadequate filtering on the backend of ECShop |
High |
Remote privilege escalation |
Code execution vulnerability in ElasticSearch < 1.2.0 |
High |
Remote code execution |
Arbitrary file upload in eWebEditor 3.8 for PHP |
High |
Arbitrary file upload |
Remote code execution vulnerability in fastjson |
High |
Remote code execution |
Arbitrary file deletion vulnerability in admin/app/model/dbmanageModel.php of FengCMS |
High |
Arbitrary file deletion |
SQL injection vulnerability in app/controller/searchController.php of FengCMS |
High |
SQL injection |
SQL injection vulnerability in app/model/messageModel.php of FengCMS |
High |
SQL injection |
SQL injection vulnerability in app/model/moduleModel.php of FengCMS |
High |
SQL injection |
SQL injection vulnerability in system/core/model.php of FengCMS |
High |
SQL injection |
File upload vulnerability in controllers/AttachmentController.php of FineCMS |
High |
Remote code execution |
Arbitrary file upload in FineCMS |
High |
Arbitrary file upload |
File read vulnerability in GitLab |
High |
Remote code execution |
Remote code execution vulnerability in Gogs |
High |
Remote code execution |
Weak password detection in admin-console of JBoss 4.x-6.x |
High |
Weak password |
Unauthorized access vulnerability in JMXInvokerServlet of JBoss |
High |
Remote code execution |
Deserialization vulnerability in JBoss JMXInvokerServlet |
High |
Remote code execution |
Deserialization remote code execution vulnerability in Jenkins |
High |
Remote code execution |
Unauthorized arbitrary file read vulnerability in Jenkins |
High |
Arbitrary file read |
Remote code execution vulnerability in Jolokia 1.3.7 |
High |
Remote code execution |
Privilege escalation vulnerability in Joomla! 3.4.4–3.6.3 |
High |
Privilege escalation |
SQL injection vulnerability in Joomla! 3.2.0–3.4.4 |
High |
Remote code execution |
Remote code execution using HTTP headers in Joomla! |
High |
Remote code execution |
SQL injection vulnerability in Joomla! 3.7.0 Core |
High |
Remote code execution |
Privilege escalation vulnerability in Joomla! Core |
High |
Remote code execution |
SQL injection vulnerability in Joomla! Core |
High |
SQL injection |
SQL injection vulnerability in admin/admin_conn.php of MacCMS |
High |
SQL injection |
SQL injection in MacCMS ASP Edition |
High |
SQL injection |
SQL injection vulnerability in inc/ajax.php of MacCMS |
High |
SQL injection |
SQL injection vulnerability in /inc/api.php of MacCMS V8 |
High |
SQL injection |
SQL injection vulnerability in /inc_module_art.php of MacCMS V8 |
High |
SQL injection |
SQL injection vulnerability in inc/user/alipay/alipayapi.php of MacCMS V8 |
High |
SQL injection |
SQL injection vulnerability in about/show.php of MetInfo 5.0.4 |
High |
SQL injection |
SQL injection vulnerability in /message/access.php of MetInfo 5.1 |
High |
SQL injection |
SQL injection vulnerability in job.php of MetInfo 5.1.7 |
High |
Remote code execution |
Variable overwriting vulnerability in MetInfo 5.3.1 |
High |
Password reset |
SQL injection vulnerability on the frontend of MetInfo 5.3.17 |
High |
SQL injection |
SQL injection vulnerability in MetInfo 6.0.0–6.1.2 |
High |
SQL injection |
Arbitrary file upload vulnerability in MetInfo v5.1.3 |
High |
Arbitrary file upload |
Command execution vulnerability in Nexus Repository Manager OSS 3 |
High |
Remote code execution |
Default password of Nexus Repository Manager OSS |
High |
Weak password |
SQL injection vulnerability in phpcms/modules/member/index.php of PHPCMS |
High |
SQL injection |
SQL injection vulnerability in /phpsso_server/phpcms/modules/phpsso/index.php of PHPCMS V9 |
High |
SQL injection |
SQL injection in the WAP module of PHPCMS V9 |
High |
Remote code execution |
Arbitrary file upload vulnerability in PHPCMS V9.6.0 |
High |
Remote code execution |
Arbitrary file read vulnerability in PHPCMS V9.6.1 |
High |
Remote code execution |
SQL injection vulnerability in PHPCMS V9.6.2 |
High |
Remote code execution |
Remote code execution in PHPMailer |
High |
Remote code execution |
SQL injection vulnerability in search.php of PHPMPS |
High |
SQL injection |
SQL injection vulnerability in the user interface of phpMyAdmin |
High |
SQL injection |
Arbitrary file inclusion vulnerability in /scripts/setup.php of phpMyAdmin |
High |
Remote code execution |
SQL injection vulnerability in the export function of phpMyAdmin 4.6.x, 4.4.x, and 4.0.x |
High |
SQL injection |
XSS vulnerability in phpMyAdmin 4.6.x |
High |
XSS |
SQL injection vulnerability in the export function of phpMyAdmin 4.6.x |
High |
SQL injection |
XSRF/CSRF vulnerability in phpMyAdmin 4.7.x |
High |
Remote code execution |
CSRF vulnerability in phpMyAdmin 4.8.0 |
High |
Remote code execution |
Remote code execution vulnerability in the dBase extension of phpMyAdmin |
High |
Remote code execution |
Function vulnerability in PMA_safeUnserialize() of phpMyAdmin |
High |
Logic vulnerability |
Password-free user login configuration failure in phpMyAdmin |
High |
Logic vulnerability |
Remote code execution vulnerability in phpMyAdmin |
High |
Remote code execution |
Remote code execution by authorized users in phpMyAdmin |
High |
Remote code execution |
Code execution vulnerability in /include/common.func.php of PHPMyWind 5.1 |
High |
Remote code execution |
SQL injection vulnerability in orderenter.php of PHPMyWind 5.1 |
High |
SQL injection |
Arbitrary file upload vulnerability in upLoadOfficeFile.php of PHPOA V4.0 |
High |
Remote code execution |
Arbitrary file upload vulnerability in PHPOA V4.0 |
High |
Remote code execution |
SQL injection vulnerability in /framework/engine/session_file.php of PHPOK |
High |
SQL injection |
SQL injection vulnerability in framework/phpok_call.php of PHPOK |
High |
SQL injection |
SQL injection vulnerability in /framework/www/project/control.php of PHPOK v4.1 |
High |
SQL injection |
Arbitrary file deletion vulnerability in global.func.php of PHPSHE |
High |
Arbitrary file deletion |
SQL injection vulnerability in module/index/order.php of PHPSHE |
High |
SQL injection |
SQL injection vulnerability in userbank.php of PHPSHE |
High |
SQL injection |
Remote code execution vulnerability in PHPUnit |
High |
Remote code execution |
SQL injection vulnerability in ask/model/index.class.php of PHPYUN |
High |
SQL injection |
SQL injection vulnerability in member/model/index.class.php of PHPYUN |
High |
SQL injection |
SQL injection vulnerability in member/user/model/resume.class.php of PHPYUN |
High |
SQL injection |
SQL injection vulnerability in model/redeem.class.php of PHPYUN |
High |
SQL injection |
SQL injection vulnerability in zhidao/search.php of Qibo zhidao |
High |
SQL injection |
Remote code execution vulnerability in Richfaces |
High |
Remote code execution |
SQL injection vulnerability in circle/control/api.php of ShopNC |
High |
SQL injection |
Remote code execution vulnerability in Spring Messaging |
High |
Remote code execution |
Directory traversal vulnerability in Spring MVC |
High |
Information leakage |
SpEL expression injection vulnerability in Spring Data REST |
High |
Remote code execution |
Remote code execution vulnerability in the REST plugin of Struts (S2-052) |
High |
Remote code execution |
Remote code execution vulnerability in Struts 2 (S2-016) |
High |
Remote code execution |
Remote code execution vulnerability in Struts 2 (S2-032) |
High |
Remote code execution |
Remote code execution vulnerability in Struts 2 (S2-045) |
High |
Remote code execution |
Update injection vulnerability in ThinkPHP 3.2.3 |
High |
SQL injection |
Remote code execution vulnerability in App.php / Module.php of ThinkPHP 5 |
High |
Remote code execution |
Remote code execution vulnerability in Request.php of ThinkPHP 5 |
High |
Remote code execution |
Arbitrary code execution vulnerability in Dispatcher.class.php of ThinkPHP |
High |
Remote code execution |
SQL injection vulnerability in Driver.class.php of ThinkPHP |
High |
SQL injection |
SQL injection vulnerability in library/think/db/builder.php of ThinkPHP |
High |
SQL injection |
SQL injection vulnerability in Model.class.php of ThinkPHP |
High |
SQL injection |
Source code leakage vulnerability in Tomcat 7.x |
High |
Information leakage |
Remote command execution vulnerability in Tomcat 7.x |
High |
Remote code execution |
Deserialization in Tomcat JmxRemoteLifecycleListener |
High |
Remote code execution |
Command execution caused by deserialization in install.php of Typecho |
High |
Remote code execution |
Command execution vulnerability caused by external access to uWSGI ports |
High |
Remote code execution |
Arbitrary file upload vulnerability in WebLogic WLS |
High |
Arbitrary file upload |
Deserialization vulnerability in WebLogic XMLDecode |
High |
Remote code execution |
Deserialization vulnerability in WebLogic |
High |
Remote code execution |
Deserialization vulnerability in WebLogic |
High |
Remote code execution |
Unauthenticated remote code execution in WordPress Core 4.6 |
High |
Remote code execution |
Remote code execution vulnerability in action.php of WordPress Mailpress |
High |
Remote code execution |
SQL injection vulnerability in photocontroller.php of YXcms |
High |
SQL injection |
Brute force SQL injection in YXcms v1.2.7 |
High |
SQL injection |
Arbitrary file deletion vulnerability in YXcms |
High |
Arbitrary file deletion |
Regular SQL injection vulnerability in frontend of Z-BlogPHP v1.2 and below |
High |
SQL injection |
The authentication mechanism issue in Z-Blog plugin_edit.php can lead to GetShell |
High |
Remote code execution |
SQL injection vulnerability in user/adv2.php of ZZCMS 8.2 |
High |
SQL injection |
Arbitrary user password change vulnerability in ZZCMS 8.2 |
High |
Logic vulnerability |
SQL injection vulnerability in blog/member/update_sort.php of Qibo Blog |
High |
SQL injection |
SQL injection vulnerability in do/js.php of Qibo Blog |
High |
SQL injection |
SQL injection vulnerability in inc/common.inc.php of Qibo CMS |
High |
SQL injection |
SQL injection vulnerability in Qibo CMS |
High |
SQL injection |
SQL injection vulnerability in /member/userinfo.php of Qibo Blog |
High |
SQL injection |
Remote code execution vulnerability in do/jf.php of the Qibo categorized information system |
High |
Remote code execution |
Remote code execution vulnerability in Apache Struts 2 (S2-053) |
Medium |
Remote code execution |
SQL injection vulnerability in /admin/login.php of BlueCMS |
Medium |
SQL injection |
SQL injection vulnerability in ad_js.php of BlueCMS |
Medium |
SQL injection |
SQL injection vulnerability in comment.php of BlueCMS |
Medium |
SQL injection |
Incorrect configuration of crossdomain.xml |
Medium |
Misconfiguration |
XSS vulnerability in feedback_ajax.php of DedeCMS |
Medium |
XSS |
SQL injection vulnerability in reg_new.php of DedeCMS |
Medium |
Remote code execution |
Stored XSS in shops_delivery.php of DedeCMS |
Medium |
XSS |
Privilege escalation caused by cross-site request forgery (CSRF) in tpl.php of DedeCMS |
Medium |
Privilege escalation |
Arbitrary file upload vulnerability in friendlink_edit.php of DedeCMS v5.7 |
Medium |
Arbitrary file upload |
Code execution vulnerability in sys_cache_up.php of DedeCMS v5.7 |
Medium |
Remote code execution |
Code execution vulnerability in sys_verifies.php of DedeCMS v5.7 |
Medium |
Remote code execution |
Code execution vulnerability on the backend of DedeCMS |
Medium |
Remote code execution |
Arbitrary user login vulnerability in DedeCMS |
Medium |
Logic vulnerability |
Authkey generation algorithm security vulnerability in Discuz! |
Medium |
Algorithm security |
Remote code execution vulnerability in helper_seo.php of Discuz! |
Medium |
Remote code execution |
SSRF vulnerability in source/class/extend/extend_thread_image.php of Discuz! X |
Medium |
SSRF |
XSS vulnerability in the ranking list of Discuz! X |
Medium |
XSS |
GET type SQL injection vulnerability on the frontend of Discuz x3.2 |
Medium |
SQL injection |
Stored XSS of frontend replies in Discuz! |
Medium |
XSS |
Server-side request forgery (SSRF) in Discuz! |
Medium |
Remote code execution |
Stored XSS in source/function/function_core.php of Discuz! X |
Medium |
XSS |
Access bypass vulnerability in archiver/index.php of DiscuzX X3.4 |
Medium |
Information leakage |
XSS vulnerability in spacecp_upload.php of DiscuzX X3.4 |
Medium |
XSS |
SQL injection vulnerability in affiliate_ck.php of ECShop 2.7.3 |
Medium |
SQL injection |
Directory traversal in ElasticSearch < 1.4.5 / < 1.5.2 |
Medium |
Information leakage |
SQL injection vulnerability in /e/member/list/index.php of EmpireCMS |
Medium |
SQL injection |
XSS vulnerability in EmpireCMS |
Medium |
XSS |
Command execution caused by CSRF in EmpireCMS |
Medium |
Remote code execution |
SQL injection vulnerability in citylist.php of ESPCMS |
Medium |
SQL injection |
SQL injection vulnerability in interface/enquiry.php of ESPCMS |
Medium |
SQL injection |
SQL injection vulnerability in interface/order.php of ESPCMS |
Medium |
SQL injection |
Login authentication bypass vulnerability on the backend of ESPCMS |
Medium |
SQL injection |
SQL injection in FineCMS v5.2.0 |
Medium |
Remote code execution |
Permission leakage vulnerability in GitLab |
Medium |
Information leakage |
XSS comparison vulnerability on the backend of MacCMS ASP Edition |
Medium |
XSS |
SQL injection vulnerability in admin_interface.php of MacCMS V8 |
Medium |
SQL injection |
Code execution vulnerability in /admin/include/common.inc.php of MetInfo 5.2 |
Medium |
Remote code execution |
Code execution vulnerability in lang.php of MetInfo 5.2 |
Medium |
Remote code execution |
Injection vulnerability in /login_check.php of MetInfo 5.3.1 |
Medium |
SQL injection |
Code execution in MetInfo 5.3.17 |
Medium |
Remote code execution |
XSS vulnerability in feedback/index.php of MetInfo 6.0 |
Medium |
XSS |
SQL injection vulnerability in search.php of MetInfo 5.3 |
Medium |
SQL injection |
EL expression injection vulnerability in Nexus Repository Manager OSS 3 |
Medium |
Remote code execution |
SQL injection vulnerability in client/user/ourphp_play.class.php of OURPHP |
Medium |
SQL injection |
SQL injection vulnerability in /phpcms/modules/video/video_for_ck.php of PHPCMS |
Medium |
SQL injection |
Authkey information leakage in PHPCMS |
Medium |
Information leakage |
Wide byte injection in respond.php of PHPCMS |
Medium |
SQL injection |
SQL injection vulnerability in add_favorite.php of PHPCMS v9 |
Medium |
SQL injection |
Local file read in PHPMailer 5.2.21 |
Medium |
Arbitrary file read |
SQL injection vulnerability in member.php of PHPCMS |
Medium |
SQL injection |
Certificate verification vulnerability in Config.class.php of phpMyAdmin |
Medium |
Information leakage |
Arbitrary file viewing vulnerability in phpMyAdmin server |
Medium |
Information leakage |
XSS vulnerability in table structure page of phpMyAdmin 4.6.x |
Medium |
XSS |
GetShell vulnerability on the backend of phpMyAdmin 4.8.1 |
Medium |
File inclusion |
SQL injection vulnerability in central_columns.lib.php of phpMyAdmin |
Medium |
SQL injection |
XSRF/CSRF token comparison vulnerability in libraries/common.inc.php of phpMyAdmin |
Medium |
Remote code execution |
Information leak of messages.inc.php in phpMyAdmin |
Medium |
Information leakage |
SQL injection vulnerability in phpMyAdmin |
Medium |
SQL injection |
Multiple XSS vulnerabilities in phpMyAdmin |
Medium |
XSS |
SQL injection vulnerability in the backend management interface of PHPMyWind 5.0 |
Medium |
SQL injection |
SQL injection vulnerability in /admin/infoimg_do.php of PHPMyWind 5.2 |
Medium |
SQL injection |
Arbitrary user password reset in PHPMyWind v5.1 |
Medium |
Horizontal/vertical privilege escalation |
Arbitrary file upload vulnerability in PHPOK 4.8.338 |
Medium |
Arbitrary file upload |
Command execution caused by CSRF in PHPOK |
Medium |
Remote code execution |
SQL injection vulnerability in host header of PHPOK |
Medium |
SQL injection |
Comment stored XSS in PHPOK |
Medium |
XSS |
SQL injection vulnerability in /module/index/product.php of PHPSHE |
Medium |
SQL injection |
SQL injection vulnerability in index.php of PHPSHE |
Medium |
SQL injection |
SQL injection vulnerability in module/admin/do.php of PHPSHE |
Medium |
SQL injection |
SQL injection vulnerability in notify_url_db.php of PHPSHE |
Medium |
SQL injection |
Local file inclusion vulnerability in PHPSHE |
Medium |
File inclusion |
SQL injection vulnerability in app/controller/weixin/index.class.php of PHPYUN |
Medium |
SQL injection |
SQL injection vulnerability in app/public/action.class.php of PHPYUN |
Medium |
SQL injection |
SQL injection vulnerability in app/public/action.class.php of PHPYUN |
Medium |
SQL injection |
SQL injection vulnerability in member/ajax.class.php of PHPYUN |
Medium |
SQL injection |
SQL injection vulnerability in member/com/model/show.class.php of PHPYUN |
Medium |
SQL injection |
Privilege escalation vulnerability in member/user/model/expectq.class.php of PHPYUN |
Medium |
Horizontal/vertical privilege escalation |
SQL injection vulnerability in member/user/model/show.class.php of PHPYUN |
Medium |
SQL injection |
SQL injection vulnerability in wap/member/model/index.class.php of PHPYUN |
Medium |
SQL injection |
XML external entity (XXE) vulnerability in Spring Data with integrated XMLBeam |
Medium |
Remote code execution |
Remote code execution vulnerability in Spring Security OAuth 2 |
Medium |
Remote code execution |
No access control set for app_dev.php of Symfony framework |
Medium |
Information leakage |
SQL injection vulnerability in ThinkPHP 5.x |
Medium |
SQL injection |
SQL injection vulnerability in Db.class.php of ThinkPHP |
Medium |
SQL injection |
ThinkPHP getshell caused by a buffer function vulnerability |
Medium |
Remote code execution |
SSRF vulnerability in Typecho pingback |
Medium |
SSRF |
Stored XSS via a theme file in WordPress 4.6.1 and below |
Medium |
XSS |
SSRF in WordPress versions below 4.5 |
Medium |
SSRF |
Arbitrary file deletion vulnerability in WordPress 4.9.6 |
Medium |
Arbitrary file deletion |
Stored XSS in WordPress Core 4.7 |
Medium |
XSS |
Content injection vulnerability in WordPress REST API |
Medium |
Horizontal/vertical privilege escalation |
Potential unauthorized password reset in core components of WordPress |
Medium |
Logic vulnerability |
CSRF vulnerability in index.php of WUZHICMS 4.1.0 |
Medium |
Remote code execution |
SQL injection vulnerability in coreframe/app/tags/index.php of WUZHICMS |
Medium |
SQL injection |
Stored XSS in myissue.php of WUZHICMS |
Medium |
XSS |
SQL injection vulnerability in order_goods.php of WUZHICMS |
Medium |
SQL injection |
Stored XSS in comment.php of YiqiCMS |
Medium |
Remote code execution |
SQL injection vulnerability in linkController.php of YXcms |
Medium |
SQL injection |
Arbitrary file deletion in YXcms v1.2.6 |
Medium |
Arbitrary file deletion |
Unauthorized usage of the account deposit balance in YXcms v1.2.7 |
Medium |
Logic vulnerability |
Stored XSS in YXcms v1.3.1 |
Medium |
XSS |
Unauthorized modification of arbitrary user information and acquisition of arbitrary user passwords in YXcms |
Medium |
Logic vulnerability |
Arbitrary code execution caused by a file upload vulnerability in app.php of Z-Blog |
Medium |
Arbitrary file upload |
SQL injection vulnerability in dl/dl_sendsms.php in ZZCMS 8.2 |
Medium |
SQL injection |
Remote code execution vulnerability in install/index.php of ZZCMS 8.2 |
Medium |
Remote code execution |
Arbitrary file deletion vulnerability in user/adv.php of ZZCMS 8.2 |
Medium |
Arbitrary file deletion |
Arbitrary file deletion vulnerability in user/manage.php of ZZCMS 8.2 |
Medium |
Arbitrary file deletion |
Arbitrary file deletion vulnerability in user/ppsave.php of ZZCMS 8.2 |
Medium |
Arbitrary file deletion |
SQL injection vulnerability in admin/logincheck.php of ZZCMS |
Medium |
SQL injection |
SQL injection vulnerability in dl/dl.php of ZZCMS |
Medium |
SQL injection |
SQL injection vulnerability in dl/search.php of ZZCMS |
Medium |
SQL injection |
SQL injection vulnerability in special/search.php of ZZCMS |
Medium |
SQL injection |
SQL injection vulnerability in user/logincheck.php of ZZCMS |
Medium |
SQL injection |
SQL injection vulnerability in control.php of chanzhiCMS |
Medium |
SQL injection |
SQL injection in system/module/message/control.php of chanzhiCMS |
Medium |
SQL injection |
Arbitrary code execution caused by a file upload vulnerability in EmpireCMS 6.6 |
Medium |
Arbitrary file upload |
Remote password change vulnerability in Qibo Blog |
Medium |
SQL injection |
SQL injection vulnerability in blog/member/postlog.php of Qibo Blog |
Medium |
SQL injection |
SQL injection vulnerability in showsp.php list.php of the Qibo CMS video system |
Medium |
SQL injection |
XSS vulnerability in search.php of Qibo Information |
Medium |
XSS |
SQL injection vulnerability in /zhidao/ask.php of Qibo Zhidao |
Medium |
SQL injection |
SQL injection vulnerability in /zhidao/editbaike.php of Qibo Zhidao |
Medium |
SQL injection |
SQL injection vulnerability in /zhidao/postbaike.php of Qibo Zhidao |
Medium |
SQL injection |
SQL injection vulnerability in listbbs.php of Qibo Blog |
Medium |
SQL injection |
SQL injection vulnerability in /exam/exam_order.php of Qibo Exam |
Medium |
SQL injection |
Information leakage in .DS_Store |
Medium |
Information leakage |
Unrestricted IP source in Apache Server Status |
Low |
Information leakage |
Password reset vulnerability in /member/resetpassword.php of DedeCMS |
Low |
Logic vulnerability |
XSS vulnerability in space_poll.php of DiscuzX 3.4 |
Low |
XSS |
Access bypass vulnerability in Drupal Core |
Low |
Information leakage |
Verification code bypass logic vulnerability in ECShop V2.7.3 |
Low |
Logic vulnerability |
Arbitrary file download vulnerability in app/controller/downController.php of FengCMS |
Low |
Arbitrary file read |
Privilege escalation vulnerability in Joomla! |
Low |
Privilege escalation |
Two-factor authentication bypass in Joomla! |
Low |
Algorithm security |
File inclusion vulnerability in Console plugin of Kibana |
Low |
File inclusion |
Stored XSS in delete.php of MetInfo |
Low |
XSS |
SQL injection vulnerability in /function/ourphp_shoppingorders.class.php of OURPHP |
Low |
SQL injection |
SQL injection vulnerability in /function/plugs/Comment/product-content.php of OURPHP |
Low |
SQL injection |
XSS vulnerability in db_central_columns.php of phpMyAdmin |
Low |
XSS |
SQL injection vulnerability in model/register.class.php of PHPYUN |
Low |
Remote code execution |
Privilege escalation vulnerability in wap/member/model/com.class.php of PHPYUN |
Low |
Horizontal/vertical privilege escalation |
File information leakage vulnerability in svinfo.php of Shopex V4.8.4–4.8.5 |
Low |
Information leakage |
XSS vulnerability in WordPress < 4.9.2 |
Low |
XSS |
Reflected XSS vulnerability in flashmediaelement.swf of WordPress 4.2.0–4.5.1 |
Low |
XSS |
XSS in oEmbed of WordPress 4.4–4.8.1 |
Low |
XSS |
Tampered feature of the audio playlist in WordPress |
Low |
XSS |
Physical path leakage in the Fancybox For WordPress plugin of WordPress |
Low |
Information leakage |
Passage viewing with bypassed password in WordPress |
Low |
Horizontal/vertical privilege escalation |
XSS vulnerability in the Duplicator Migration plugin of WordPress |
Low |
XSS |
SQL injection vulnerability in /user/adv2.php of ZZCMS |
Low |
SQL injection |
Reflected XSS vulnerability in system/module/user/control.php of chanzhiCMS |
Low |
XSS |
Remote code execution vulnerability in inc/class.inc.php of Qibo CMS |
Low |
Remote code execution |