xxy961216

2 exploits Active since Sep 2018
CVE-2018-16724 WRITEUP CRITICAL WORKING POC
baijiacms V4 - Blind SQL Injection via Order Parameter
An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request.
CVSS 9.8
CVE-2018-16725 WRITEUP MEDIUM WORKING POC
baijiacms V4 - Cross-Site Scripting via ZeroClipboard.swf id Parameter
An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka "Non-standard use of the flash component."
CVSS 6.1