Gitee Exploits
415 exploits tracked across all sources.
Mingsoft MCMS <5.2.7 - SQL Injection
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list.
by mingSoft
Mingsoft Mcms - SQL Injection
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter.
by mingSoft
Mingsoft Mcms - SQL Injection
Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter.
by mingSoft
Mingsoft Mcms - Unrestricted File Upload
An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file.
by mingSoft
Mingsoft MCMS 5.2.8 - SQL Injection
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/model/delete URI via models Lists.
by mingSoft
Mingsoft MCMS 5.2.8 - XSS
A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215112.
by mingSoft
Mingsoft MCMS <5.2.9 - SQL Injection
A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.2.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215196.
by mingSoft
Mingsoft MCMS 5.2.9 - XSS
A vulnerability has been found in Mingsoft MCMS 5.2.9 and classified as problematic. Affected by this vulnerability is the function save of the component Article Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216499.
by mingSoft
MCMS <5.2.10 - File Write
MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do.
by mingSoft
Mingsoft Mcms < 5.3.1 - XSS
A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-235611.
by mingSoft
Mingsoft Mcms - SQL Injection
Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do.
by mingSoft
mingSoft MCMS <5.2.4 - Info Disclosure
An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter.
by mingSoft
Fuyanglipengjun Wetong Mall - SQL Injection
A vulnerability was found in Weitong Mall 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file platform-shop\src\main\resources\com\platform\dao\OrderDao.xml. The manipulation of the argument sidx/order leads to sql injection. The associated identifier of this vulnerability is VDB-250243.
by fuyang_lipengjun
Keking Kkfileview - XSS
A vulnerability, which was classified as problematic, has been found in kkFileView. Affected by this issue is the function setWatermarkAttribute of the file /picturesPreview. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216776.
by kailing
y_project RuoYi-Cloud - XSS
A vulnerability was found in y_project RuoYi-Cloud. It has been rated as problematic. Affected by this issue is some unknown functionality of the component JSON Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215108.
by y_project
Crmeb - Unrestricted File Upload
CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.
by honor8
Crmeb - SSRF
In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side Request Forgery). The vulnerable code is in file /crmeb/app/admin/controller/store/CopyTaobao.php.
by honor8
Layui < 2.8.0 - XSS
A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component HTML Attribute Handler. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.8.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-234237 was assigned to this vulnerability.
by sentsim
Layui < 2.8.0 - XSS
A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component HTML Attribute Handler. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.8.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-234237 was assigned to this vulnerability.
by sentsim
Notepad-- - Improper Resource Release
A vulnerability, which was classified as problematic, was found in cxasm notepad-- 1.22. This affects an unknown part of the component Directory Comparison Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The associated identifier of this vulnerability is VDB-221475.
by cxasm
Jpress - Remote Code Execution
A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package.
by fuhai
Lenosp < 1.2.0 - SQL Injection
Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log query module.
by bweird
Lenosp < 1.2.0 - Unrestricted File Upload
An arbitrary file upload vulnerability in the /user/upload component of lenosp 1.0-1.2.0 allows attackers to execute html code via a crafted JPG file.
by bweird
zzdevelop lenosp <20230831 - XSS
** DISPUTED ** A vulnerability was found in zzdevelop lenosp up to 20230831. It has been classified as problematic. This affects an unknown part of the component Adduser Page. The manipulation of the argument username with the input <script>alert(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The associated identifier of this vulnerability is VDB-266127. NOTE: The vendor rejected the issue because he claims that XSS which require administrative privileges are not of any use for attackers.
by bweird
Survey King v0.3.0 - Code Injection
Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack.
by surveyking
By Source