majic-banana

4 exploits Active since Apr 2024
CVE-2024-31008 WRITEUP MEDIUM WRITEUP
WUZHICMS 4.1.0 - Authentication Bypass via Captcha Logic Flaw
An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code and obtain sensitive information via the index.php file.
CVSS 6.5
CVE-2024-32206 WRITEUP MEDIUM WRITEUP
WUZHICMS 4.1.0 - Stored Cross-Site Scripting via Affiche Admin Index Formdata Parameter
A stored cross-site scripting (XSS) vulnerability in the component \affiche\admin\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $formdata parameter.
CVSS 4.6
CVE-2024-33350 WRITEUP CRITICAL WRITEUP
TaoCMS 3.0.2 - Path Traversal and Arbitrary File Write via file.php Component
Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote attacker to execute arbitrary code and obtain sensitive information via the include/model/file.php component.
CVSS 9.8
CVE-2024-48270 WRITEUP HIGH WRITEUP
oasys 1.1 - Information Disclosure via Login Burst Attack
An issue in the component /logins of oasys v1.1 allows attackers to access sensitive information via a burst attack.
CVSS 7.5