jixin zhang - Security Researcher - Exploit Intelligence Platform

CVE-2024-31009 WRITEUP MEDIUM WRITEUP

semcms 4.8 - SQL Injection via Banner.php lgid Parameter

SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via lgid parameter in Banner.php.

CVSS 6.5

View Code

CVE-2024-31010 WRITEUP HIGH WRITEUP

SEMCMS 4.8 - SQL Injection via Banner.php ID Parameter

SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Banner.php.

CVSS 7.5

View Code

CVE-2024-31011 WRITEUP CRITICAL WRITEUP

beescms 4.0 - Remote Code Execution via Arbitrary File Write in admin_template.php

Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin_template.php.

CVSS 9.8

View Code

CVE-2024-31012 WRITEUP CRITICAL WRITEUP

SEMCMS 4.8 - Unauthenticated Arbitrary File Upload via upload.php

An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file.

CVSS 9.8

View Code

CVE-2024-31609 WRITEUP HIGH WRITEUP

BOSSCMS 3.10 - Stored Cross-Site Scripting via Header and Footer Code Fields

Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attackers to run arbitrary code via the header code and footer code fields in code configuration.

CVSS 7.1

View Code

CVE-2024-31610 WRITEUP MEDIUM WRITEUP

Code-Projects Simple School Management System 1.0 - Remote Code Execution via Avatar Upload

File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of crafted file.

CVSS 6.3

View Code

CVE-2024-31611 WRITEUP CRITICAL WRITEUP

SeaCMS 12.9 - Arbitrary File Deletion via admin_template.php

SeaCMS 12.9 has a file deletion vulnerability via admin_template.php.

CVSS 9.1

View Code

CVE-2024-31612 WRITEUP MEDIUM WRITEUP

emlog pro2.3 - Cross-Site Request Forgery via twitter.php

Emlog pro2.3 is vulnerable to Cross Site Request Forgery (CSRF) via twitter.php which can be used with a XSS vulnerability to access administrator information.

CVSS 6.5

View Code

CVE-2024-32167 WRITEUP CRITICAL WRITEUP

Sourcecodester Online Medicine Ordering System 1.0 - Info Disclosure

Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Arbitrary file deletion vulnerability as the backend settings have the function of deleting pictures to delete any files.

CVSS 9.1

View Code