Documentation | Tencent Cloud

Recent Pages

Web Application Vulnerabilities

Last updated: 2020-04-20 12:21:46

Name	Level	vul_type
Deserialization RCE vulnerability in Adobe ColdFusion Java RMI	High	Remote code execution
SQL injection vulnerability in admin/login.php of BEESCMS	High	SQL injection
SQL injection vulnerability in member.php of BEESCMS V4.0	High	SQL injection
Code execution vulnerability in cut_image of CmsEasy 5.5	High	Remote code execution
SQL injection vulnerability in /member/buy_action.php of DedeCMS	High	SQL injection
SQL injection vulnerability in /plus/flink_add.php of DedeCMS 5.7	High	SQL injection
Remote file inclusion vulnerability in /install/index.php of DedeCMS 5.7 SP1	High	File inclusion
Stored cross-site scripting (XSS) vulnerability in carbuyaction.php of DedeCMS	High	XSS
SQL injection vulnerability in plus/search.php of DedeCMS	High	SQL injection
SQL injection vulnerability in /member/mtypes.php of DedeCMS V5.7 SP1	High	SQL injection
Code execution vulnerability in /source/class/class_image.php of Discuz! X2.5	High	Remote code execution
Arbitrary file deletion vulnerability in Discuz!X v3.4 or above	High	Arbitrary file deletion
Arbitrary code execution vulnerability on the backend of Discuz! X	High	Remote code execution
SQL injection vulnerability in /faq.php of Discuz! 7.2	High	Remote code execution
SQL injection vulnerability in Pre Auth of Drupal < 7.32	High	SQL injection
Code execution vulnerability in the RESTWS module of Drupal 7.x	High	Remote code execution
Remote code execution vulnerability in Drupal (SA-CORE-2018-002)	High	Remote code execution
Remote code execution in Drupal (SA-CORE-2018-004)	High	Remote code execution
Arbitrary PHP code execution and information leakage vulnerabilities in Drupal	High	Remote code execution
Blind injection vulnerability in /api/client/lib_api.php of ECShop	High	SQL injection
Login authentication bypass vulnerability in /flow.php of ECShop 2.7.3	High	Horizontal/vertical privilege escalation
SQL injection vulnerability in /includes/modules/payment/alipay.php of ECShop 2.7.3	High	SQL injection
SQL injection vulnerability in shophelp.php of ECShop 2.7.3	High	SQL injection
SQL injection vulnerability in comment_manage.php of ECShop	High	SQL injection
SQL injection vulnerability in shopinfo.php of ECShop	High	SQL injection
Code injection vulnerability in user.php of ECShop	High	Remote code execution
GetShell vulnerability due to inadequate filtering on the backend of ECShop	High	Remote privilege escalation
Code execution vulnerability in ElasticSearch < 1.2.0	High	Remote code execution
Arbitrary file upload in eWebEditor 3.8 for PHP	High	Arbitrary file upload
Remote code execution vulnerability in fastjson	High	Remote code execution
Arbitrary file deletion vulnerability in admin/app/model/dbmanageModel.php of FengCMS	High	Arbitrary file deletion
SQL injection vulnerability in app/controller/searchController.php of FengCMS	High	SQL injection
SQL injection vulnerability in app/model/messageModel.php of FengCMS	High	SQL injection
SQL injection vulnerability in app/model/moduleModel.php of FengCMS	High	SQL injection
SQL injection vulnerability in system/core/model.php of FengCMS	High	SQL injection
File upload vulnerability in controllers/AttachmentController.php of FineCMS	High	Remote code execution
Arbitrary file upload in FineCMS	High	Arbitrary file upload
File read vulnerability in Gitlab	High	Remote code execution
Remote code execution vulnerability in Gogs	High	Remote code execution
Weak password detection in admin-console of JBoss 4.x-6.x	High	Weak password
Unauthorized access vulnerability in JMXInvokerServlet of JBoss	High	Remote code execution
Deserialization vulnerability in JBoss JMXInvokerServlet	High	Remote code execution
Deserialization remote code execution vulnerability in Jenkins	High	Remote code execution
Unauthorized arbitrary file read vulnerability in Jenkins	High	Arbitrary file read
Remote code execution vulnerability in Jolokia 1.3.7	High	Remote code execution
Privilege escalation vulnerability in Joomla! 3.4.4–3.6.3	High	Privilege escalation
SQL injection vulnerability in Joomla! 3.2.0–3.4.4	High	Remote code execution
Remote code execution using HTTP headers in Joomla!	High	Remote code execution
SQL injection vulnerability in Joomla! 3.7.0 Core	High	Remote code execution
Privilege escalation vulnerability in Joomla! Core	High	Remote code execution
SQL injection vulnerability in Joomla! Core	High	SQL injection
SQL injection vulnerability in admin/admin_conn.php of MacCMS	High	SQL injection
SQL injection in MacCMS ASP Edition	High	SQL injection
SQL injection vulnerability in inc/ajax.php of MacCMS	High	SQL injection
SQL injection vulnerability in /inc/api.php of MacCMS V8	High	SQL injection
SQL injection vulnerability in /inc_module_art.php of MacCMS V8	High	SQL injection
SQL injection vulnerability in inc/user/alipay/alipayapi.php of MacCMS V8	High	SQL injection
SQL injection vulnerability in about/show.php of MetInfo 5.0.4	High	SQL injection
SQL injection vulnerability in /message/access.php of MetInfo 5.1	High	SQL injection
SQL injection vulnerability in job.php of MetInfo 5.1.7	High	Remote code execution
Variable overwriting vulnerability in MetInfo 5.3.1	High	Password reset
SQL injection vulnerability on the frontend of Metinfo 5.3.17	High	SQL injection
SQL injection vulnerability in MetInfo 6.0.0–6.1.2	High	SQL injection
Arbitrary file upload vulnerability in MetInfo v5.1.3	High	Arbitrary file upload
Command execution vulnerability in Nexus Repository Manager OSS 3	High	Remote code execution
Default password of Nexus Repository Manager OSS	High	Weak password
SQL injection vulnerability in phpcms/modules/member/index.php of PHPCMS	High	SQL injection
SQL injection vulnerability in /phpsso_server/phpcms/modules/phpsso/index.php of PHPCMS V9	High	SQL injection
SQL injection in the WAP module of PHPCMS V9	High	Remote code execution
Arbitrary file upload vulnerability in PHPCMS V9.6.0	High	Remote code execution
Arbitrary file read vulnerability in PHPCMS V9.6.1	High	Remote code execution
SQL injection vulnerability in PHPCMS V9.6.2	High	Remote code execution
Remote code execution in PHPMailer	High	Remote code execution
SQL injection vulnerability in search.php of PHPMPS	High	SQL injection
SQL injection vulnerability in the user interface of phpMyAdmin	High	SQL injection
Arbitrary file inclusion vulnerability in /scripts/setup.php of phpMyAdmin	High	Remote code execution
SQL injection vulnerability in the export function of phpMyAdmin 4.6.x, 4.4.x, and 4.0.x	High	SQL injection
XSS vulnerability in phpMyAdmin 4.6.x	High	XSS
SQL injection vulnerability in the export function of phpMyAdmin 4.6.x	High	SQL injection
XSRF/CSRF vulnerability in phpMyAdmin 4.7.x	High	Remote code execution
CSRF vulnerability in phpMyAdmin 4.8.0	High	Remote code execution
Remote code execution vulnerability in the dBase extension of phpMyAdmin	High	Remote code execution
Function vulnerability in PMA_safeUnserialize() of phpMyAdmin	High	Logic vulnerability
Password-free user login configuration failure in phpMyAdmin	High	Logic vulnerability
Remote code execution vulnerability in phpMyAdmin	High	Remote code execution
Remote code execution by authorized users in phpMyAdmin	High	Remote code execution
Code execution vulnerability in /include/common.func.php of PHPMyWind 5.1	High	Remote code execution
SQL injection vulnerability in orderenter.php of PHPMyWind 5.1	High	SQL injection
Arbitrary file upload vulnerability in upLoadOfficeFile.php of PHPOA V4.0	High	Remote code execution
Arbitrary file upload vulnerability in PHPOA V4.0	High	Remote code execution
SQL injection vulnerability in /framework/engine/session_file.php of PHPOK	High	SQL injection
SQL injection vulnerability in framework/phpok_call.php of PHPOK	High	SQL injection
SQL injection vulnerability in /framework/www/project/control.php of PHPOK v4.1	High	SQL injection
Arbitrary file deletion vulnerability in global.func.php of PHPSHE	High	Arbitrary file deletion
SQL injection vulnerability in module/index/order.php of PHPSHE	High	SQL injection
SQL injection vulnerability in userbank.php of PHPSHE	High	SQL injection
Remote code execution vulnerability in PHPUnit	High	Remote code execution
SQL injection vulnerability in ask/model/index.class.php of PHPYUN	High	SQL injection
SQL injection vulnerability in member/model/index.class.php of PHPYUN	High	SQL injection
SQL injection vulnerability in member/user/model/resume.class.php of PHPYUN	High	SQL injection
SQL injection vulnerability in model/redeem.class.php of PHPYUN	High	SQL injection
SQL injection vulnerability in zhidao/search.php of Qibo zhidao	High	SQL injection
Remote code execution vulnerability in Richfaces	High	Remote code execution
SQL injection vulnerability in circle/control/api.php of ShopNC	High	SQL injection
Remote code execution vulnerability in Spring Messaging	High	Remote code execution
Directory traversal vulnerability in Spring MVC	High	Information leakage
SpEL expression injection vulnerability in Spring Data REST	High	Remote code execution
Remote code execution vulnerability in the REST plugin of Struts (S2-052)	High	Remote code execution
Remote code execution vulnerability in Struts 2 (S2-016)	High	Remote code execution
Remote code execution vulnerability in Struts 2 (S2-032)	High	Remote code execution
Remote code execution vulnerability in Struts 2 (S2-045)	High	Remote code execution
Update injection vulnerability in Thinkphp 3.2.3	High	SQL injection
Remote code execution vulnerability in App.php / Module.php of ThinkPHP 5	High	Remote code execution
Remote code execution vulnerability in Request.php of ThinkPHP 5	High	Remote code execution
Arbitrary code execution vulnerability in Dispatcher.class.php of ThinkPHP	High	Remote code execution
SQL injection vulnerability in Driver.class.php of ThinkPHP	High	SQL injection
SQL injection vulnerability in library/think/db/builder.php of ThinkPHP	High	SQL injection
SQL injection vulnerability in Model.class.php of ThinkPHP	High	SQL injection
Source code leakage vulnerability in Tomcat 7.x	High	Information leakage
Remote command execution vulnerability in Tomcat 7.x	High	Remote code execution
Deserialization in Tomcat JmxRemoteLifecycleListener	High	Remote code execution
Command execution caused by deserialization in install.php of Typecho	High	Remote code execution
Command execution vulnerability caused by external access to uWSGI ports	High	Remote code execution
Arbitrary file upload vulnerability in WebLogic WLS	High	Arbitrary file upload
Deserialization vulnerability in Weblogic XMLDecode	High	Remote code execution
Deserialization vulnerability in Weblogic	High	Remote code execution
Deserialization vulnerability in Weblogic	High	Remote code execution
Unauthenticated remote code execution in WordPress Core 4.6	High	Remote code execution
Remote code execution vulnerability in action.php of WordPress Mailpress	High	Remote code execution
SQL injection vulnerability in photocontroller.php of YXcms	High	SQL injection
Brute force SQL injection in YXcms v1.2.7	High	SQL injection
Arbitrary file deletion vulnerability in YXcms	High	Arbitrary file deletion
Regular SQL injection vulnerability in frontend of Z-BlogPHP v1.2 and below	High	SQL injection
The authentication mechanism issue in Z-Blog plugin_edit.php can lead to GetShell	High	Remote code execution
SQL injection vulnerability in user/adv2.php of ZZCMS 8.2	High	SQL injection
Arbitrary user password change vulnerability in ZZCMS 8.2	High	Logic vulnerability
SQL injection vulnerability in blog/member/update_sort.php of Qibo Blog	High	SQL injection
SQL injection vulnerability in do/js.php of Qibo Blog	High	SQL injection
SQL injection vulnerability in inc/common.inc.php of Qibo CMS	High	SQL injection
SQL injection vulnerability in Qibo CMS	High	SQL injection
SQL injection vulnerability in /member/userinfo.php of Qibo Blog	High	SQL injection
Remote code execution vulnerability in do/jf.php of the Qibo categorized information system	High	Remote code execution
Remote code execution vulnerability in Apache Struts 2 (S2-053)	Medium	Remote code execution
SQL injection vulnerability in /admin/login.php of BlueCMS	Medium	SQL injection
SQL injection vulnerability in ad_js.php of BlueCMS	Medium	SQL injection
SQL injection vulnerability in comment.php of BlueCMS	Medium	SQL injection
Incorrect configuration of crossdomain.xml	Medium	Misconfiguration
XSS vulnerability in feedback_ajax.php of DedeCMS	Medium	XSS
SQL injection vulnerability in reg_new.php of DedeCMS	Medium	Remote code execution
Stored XSS in shops_delivery.php of DedeCMS	Medium	XSS
Privilege escalation caused by cross-site request forgery (CSRF) in tpl.php of DedeCMS	Medium	Privilege escalation
Arbitrary file upload vulnerability in friendlink_edit.php of Dedecms v5.7	Medium	Arbitrary file upload
Code execution vulnerability in sys_cache_up.php of DedeCMS v5.7	Medium	Remote code execution
Code execution vulnerability in sys_verifies.php of DedeCMS v5.7	Medium	Remote code execution
Code execution vulnerability in on the backend of DedeCMS	Medium	Remote code execution
Arbitrary user login vulnerability in DedeCMS	Medium	Logic vulnerability
Authkey generation algorithm security vulnerability in Discuz!	Medium	Algorithm security
Remote code execution vulnerability in helper_seo.php of Discuz!	Medium	Remote code execution
SSRF vulnerability in source/class/extend/extend_thread_image.php of Discuz! X	Medium	SSRF
XSS vulnerability in the ranking list of Discuz! X	Medium	XSS
GET type SQL injection vulnerability on the frontend of Discuz x3.2	Medium	SQL injection
Stored XSS of frontend replies in Discuz!	Medium	XSS
Server-side request forgery (SSRF) in Discuz!	Medium	Remote code execution
Stored XSS in source/function/function_core.php of Discuz! X	Medium	XSS
Access bypass vulnerability in archiver/index.php of DiscuzX X3.4	Medium	Information leakage
XSS vulnerability in spacecp_upload.php of DiscuzX X3.4	Medium	XSS
SQL injection vulnerability in affiliate_ck.php of ECShop 2.7.3	Medium	SQL injection
Directory traversal in ElasticSearch < 1.4.5 / < 1.5.2	Medium	Information leakage
SQL injection vulnerability in /e/member/list/index.php of EmpireCMS	Medium	SQL injection
XSS vulnerability in EmpireCMS	Medium	XSS
Command execution caused by CSRF in EmpireCMS	Medium	Remote code execution
SQL injection vulnerability in citylist.php of ESPCMS	Medium	SQL injection
SQL injection vulnerability in interface/enquiry.php of ESPCMS	Medium	SQL injection
SQL injection vulnerability in interface/order.php of ESPCMS	Medium	SQL injection
Login authentication bypass vulnerability on the backend of ESPCMS	Medium	SQL injection
SQL injection in FineCMS v5.2.0	Medium	Remote code execution
Permission leakage vulnerability in GitLab	Medium	Information leakage
XSS comparison vulnerability on the backend of MacCMS ASP Edition	Medium	XSS
SQL injection vulnerability in admin_interface.php of MacCMS V8	Medium	SQL injection
Code execution vulnerability in /admin/include/common.inc.php of MetInfo 5.2	Medium	Remote code execution
Code execution vulnerability in lang.php of MetInfo 5.2	Medium	Remote code execution
Injection vulnerability in /login_check.php of MetInfo 5.3.1	Medium	SQL injection
Code execution in MetInfo 5.3.17	Medium	Remote code execution
XSS vulnerability in feedback/index.php of MetInfo 6.0	Medium	XSS
SQL injection vulnerability in search.php of MetInfo 5.3	Medium	SQL injection
EL expression injection vulnerability in Nexus Repository Manager OSS 3	Medium	Remote code execution
SQL injection vulnerability in client/user/ourphp_play.class.php of OURPHP	Medium	SQL injection
SQL injection vulnerability in /phpcms/modules/video/video_for_ck.php of PHPCMS	Medium	SQL injection
Authkey information leakage in PHPCMS	Medium	Information leakage
Wide byte injection in respond.php of PHPCMS	Medium	SQL injection
SQL injection vulnerability in add_favorite.php of PHPCMS v9	Medium	SQL injection
Local file read in PHPMailer 5.2.21	Medium	Arbitrary file read
SQL injection vulnerability in member.php of PHPCMS	Medium	SQL injection
Certificate verification vulnerability in Config.class.php of phpMyAdmin	Medium	Information leakage
Arbitrary file viewing vulnerability in phpMyAdmin server	Medium	Information leakage
XSS vulnerability in table structure page of phpMyAdmin 4.6.x	Medium	XSS
GetShell vulnerability on the backend of phpMyAdmin 4.8.1	Medium	File inclusion
SQL injection vulnerability in central_columns.lib.php of phpMyAdmin	Medium	SQL injection
XSRF/CSRF token comparison vulnerability in libraries/common.inc.php of phpMyAdmin	Medium	Remote code execution
Information leak of messages.inc.php in phpMyAdmin	Medium	Information leakage
SQL injection vulnerability in phpMyAdmin	Medium	SQL injection
Multiple XSS vulnerabilities in phpMyAdmin	Medium	XSS
SQL injection vulnerability in the backend management interface of PHPMyWind 5.0	Medium	SQL injection
SQL injection vulnerability in /admin/infoimg_do.php of PHPMyWind 5.2	Medium	SQL injection
Arbitrary user password reset in PHPMyWind v5.1	Medium	Horizontal/vertical privilege escalation
Arbitrary file upload vulnerability in PHPOK 4.8.338	Medium	Arbitrary file upload
Command execution caused by CSRF in PHPOK	Medium	Remote code execution
SQL injection vulnerability in host header of PHPOK	Medium	SQL injection
Comment stored XSS in PHPOK	Medium	XSS
SQL injection vulnerability in /module/index/product.php of PHPSHE	Medium	SQL injection
SQL injection vulnerability in index.php of PHPSHE	Medium	SQL injection
SQL injection vulnerability in module/admin/do.php of PHPSHE	Medium	SQL injection
SQL injection vulnerability in notify_url_db.php of PHPSHE	Medium	SQL injection
Local file inclusion vulnerability in PHPSHE	Medium	File inclusion
SQL injection vulnerability in app/controller/weixin/index.class.php of PHPYUN	Medium	SQL injection
SQL injection vulnerability in app/public/action.class.php of PHPYUN	Medium	SQL injection
SQL injection vulnerability in app/public/action.class.php of PHPYUN	Medium	SQL injection
SQL injection vulnerability in member/ajax.class.php of PHPYUN	Medium	SQL injection
SQL injection vulnerability in member/com/model/show.class.php of PHPYUN	Medium	SQL injection
Privilege escalation vulnerability in member/user/model/expectq.class.php of PHPYUN	Medium	Horizontal/vertical privilege escalation
SQL injection vulnerability in member/user/model/show.class.php of PHPYUN	Medium	SQL injection
SQL injection vulnerability in wap/member/model/index.class.php of PHPYUN	Medium	SQL injection
XML external entity (XXE) vulnerability in Spring Data with integrated XMLBeam	Medium	Remote code execution
Remote code execution vulnerability in Spring Security OAuth 2	Medium	Remote code execution
No access control set for app_dev.php of Symfony framework	Medium	Information leakage
SQL injection vulnerability in ThinkPHP 5.x	Medium	SQL injection
SQL injection vulnerability in Db.class.php of ThinkPHP	Medium	SQL injection
ThinkPHP getshell caused by a buffer function vulnerability	Medium	Remote code execution
SSRF vulnerability in Typecho pingback	Medium	SSRF
Stored XSS via a theme file in WordPress 4.6.1 and below	Medium	XSS
SSRF in WordPress versions below 4.5	Medium	SSRF
Arbitrary file deletion vulnerability in WordPress 4.9.6	Medium	Arbitrary file deletion
Stored XSS in WordPress Core 4.7	Medium	XSS
Content injection vulnerability in WordPress REST API	Medium	Horizontal/vertical privilege escalation
Potential unauthorized password reset in core components of WordPress	Medium	Logic vulnerability
CSRF vulnerability in index.php of WUZHICMS 4.1.0	Medium	Remote code execution
SQL injection vulnerability in coreframe/app/tags/index.php of WUZHICMS	Medium	SQL injection
Stored XSS in myissue.php of WUZHICMS	Medium	XSS
SQL injection vulnerability in order_goods.php of WUZHICMS	Medium	SQL injection
Stored XSS in comment.php of YiqiCMS	Medium	Remote code execution
SQL injection vulnerability in linkController.php of YXcms	Medium	SQL injection
Arbitrary file deletion in YXcms v1.2.6	Medium	Arbitrary file deletion
Unauthorized usage of the account deposit balance in YXcms v1.2.7	Medium	Logic vulnerability
Stored XSS in YXcms v1.3.1	Medium	XSS
Unauthorized modification of arbitrary user information and acquisition of arbitrary user passwords in YXcms	Medium	Logic vulnerability
Arbitrary code execution caused by a file upload vulnerability in app.php of Z-Blog	Medium	Arbitrary file upload
SQL injection vulnerability in dl/dl_sendsms.php in ZZCMS 8.2	Medium	SQL injection
Remote code execution vulnerability in install/index.php of ZZCMS 8.2	Medium	Remote code execution
Arbitrary file deletion vulnerability in user/adv.php of ZZCMS 8.2	Medium	Arbitrary file deletion
Arbitrary file deletion vulnerability in user/manage.php of ZZCMS 8.2	Medium	Arbitrary file deletion
Arbitrary file deletion vulnerability in user/ppsave.php of ZZCMS 8.2	Medium	Arbitrary file deletion
SQL injection vulnerability in admin/logincheck.php of ZZCMS	Medium	SQL injection
SQL injection vulnerability in dl/dl.php of ZZCMS	Medium	SQL injection
SQL injection vulnerability in dl/search.php of ZZCMS	Medium	SQL injection
SQL injection vulnerability in special/search.php of ZZCMS	Medium	SQL injection
SQL injection vulnerability in user/logincheck.php of ZZCMS	Medium	SQL injection
SQL injection vulnerability in control.php of chanzhiCMS	Medium	SQL injection
SQL injection in system/module/message/control.php of chanzhiCMS	Medium	SQL injection
Arbitrary code execution caused by a file upload vulnerability in EmpireCMS 6.6	Medium	Arbitrary file upload
Remote password change vulnerability in Qibo Blog	Medium	SQL injection
SQL injection vulnerability in blog/member/postlog.php of Qibo Blog	Medium	SQL injection
SQL injection vulnerability in showsp.php list.php of the Qibo CMS video system	Medium	SQL injection
XSS vulnerability in search.php of Qibo Information	Medium	XSS
SQL injection vulnerability in /zhidao/ask.php of Qibo Zhidao	Medium	SQL injection
SQL injection vulnerability in /zhidao/editbaike.php of Qibo Zhidao	Medium	SQL injection
SQL injection vulnerability in /zhidao/postbaike.php of Qibo Zhidao	Medium	SQL injection
SQL injection vulnerability in listbbs.php of Qibo Blog	Medium	SQL injection
SQL injection vulnerability in /exam/exam_order.php of Qibo Exam	Medium	SQL injection
Information leakage in .DS_Store	Medium	Information leakage
Unrestricted IP source in Apache Server Status	Low	Information leakage
Password reset vulnerability in /member/resetpassword.php of DedeCMS	Low	Logic vulnerability
XSS vulnerability in space_poll.php of DiscuzX 3.4	Low	XSS
Access bypass vulnerability in Drupal Core	Low	Information leakage
Verification code bypass logic vulnerability in ECShop V2.7.3	Low	Logic vulnerability
Arbitrary file download vulnerability in app/controller/downController.php of FengCMS	Low	Arbitrary file read
Privilege escalation vulnerability in Joomla!	Low	Privilege escalation
Two-factor authentication bypass in Joomla!	Low	Algorithm security
File inclusion vulnerability in Console plugin of Kibana	Low	File inclusion
Stored XSS in delete.php of MetInfo	Low	XSS
SQL injection vulnerability in /function/ourphp_shoppingorders.class.php of OURPHP	Low	SQL injection
SQL injection vulnerability in /function/plugs/Comment/product-content.php of OURPHP	Low	SQL injection
XSS vulnerability in db_central_columns.php of phpMyAdmin	Low	XSS
SQL injection vulnerability in model/register.class.php of PHPYUN	Low	Remote code execution
Privilege escalation vulnerability in wap/member/model/com.class.php of PHPYUN	Low	Horizontal/vertical privilege escalation
File information leakage vulnerability in svinfo.php of Shopex V4.8.4–4.8.5	Low	Information leakage
XSS vulnerability in Wordpress < 4.9.2	Low	XSS
Reflected XSS vulnerability in flashmediaelement.swf of WordPress 4.2.0–4.5.1	Low	XSS
XSS in oEmbed of WordPress 4.4–4.8.1	Low	XSS
Tampered feature of the audio playlist in WordPress	Low	XSS
Physical path leakage in the Fancybox For WordPress plugin of WordPress	Low	Information leakage
Passage viewing with bypassed password in WordPress	Low	Horizontal/vertical privilege escalation
XSS vulnerability in the Duplicator Migration plugin of Wordpress	Low	XSS
SQL injection vulnerability in /user/adv2.php of ZZCMS	Low	SQL injection
Reflected XSS vulnerability in system/module/user/control.php of chanzhiCMS	Low	XSS
Remote code execution vulnerability in inc/class.inc.php of Qibo CMS	Low	Remote code execution