majic-banana

4 exploits Active since Apr 2024
CVE-2024-31008 WRITEUP MEDIUM WRITEUP
Wuzhicms - Authentication Bypass by Spoofing
An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code and obtain sensitive information via the index.php file.
CVSS 6.5
CVE-2024-32206 WRITEUP MEDIUM WRITEUP
WUZHICMS <4.1.0 - XSS
A stored cross-site scripting (XSS) vulnerability in the component \affiche\admin\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $formdata parameter.
CVSS 4.6
CVE-2024-33350 WRITEUP CRITICAL WRITEUP
Taogogo Taocms - Path Traversal
Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote attacker to execute arbitrary code and obtain sensitive information via the include/model/file.php component.
CVSS 9.8
CVE-2024-48270 WRITEUP HIGH WRITEUP
oasys v1.1 - Info Disclosure
An issue in the component /logins of oasys v1.1 allows attackers to access sensitive information via a burst attack.
CVSS 7.5