Cumtyuanfeng - Security Researcher - Exploit Intelligence Platform

CVE-2020-18165 WRITEUP MEDIUM WRITEUP

laobancms v2.0 - Stored Cross-Site Scripting via Website SEO Keywords Field

Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Website SEO Keywords" field on the page "admin/info.php?shuyu".

CVSS 4.8

View Code

CVE-2020-18166 WRITEUP CRITICAL WRITEUP

laobancms v2.0 - Unrestricted File Upload via admin/wenjian.php

Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc".

CVSS 9.8

View Code

CVE-2020-18167 WRITEUP MEDIUM WRITEUP

laobancms v2.0 - Stored Cross-Site Scripting in Homepage Introduction Field

Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Homepage Introduction" field of component "admin/info.php?shuyu".

CVSS 4.8

View Code