SuperSalsa20 - Security Researcher - Exploit Intelligence Platform

CVE-2019-16192 WRITEUP CRITICAL WRITEUP

DocCms 2016.5.17 - RCE

upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allow remote attackers to execute arbitrary PHP code through module management files, as demonstrated by a .php file in a ZIP archive.

CVSS 9.8

View Code

CVE-2020-20122 WRITEUP CRITICAL WRITEUP

Wuzhicms - SQL Injection

Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php.

CVSS 9.8

View Code

CVE-2020-20413 WRITEUP CRITICAL WRITEUP

Wuzhicms - SQL Injection

SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php.

CVSS 9.8

View Code