Gitee Exploits
415 exploits tracked across all sources.
xiandafu beetl-bbs - XSS
A vulnerability was found in xiandafu beetl-bbs. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file WebUtils.java. The manipulation of the argument user leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215107.
by xiandafu
Jfinalcms - Path Traversal
JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.
by heyewei
Jfinalcms - SQL Injection
JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data.
by heyewei
Pearadmin Think < 2.1.2 - Unrestricted File Upload
Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely. A .php file can be uploaded via admin.php/index/upload because app/common/service/UploadService.php mishandles fileExt.
by Jmysy
Pearadmin Pear Admin Think - SQL Injection
SQL Injection in pear-admin-think version 2.1.2, allows attackers to execute arbitrary code and escalate privileges via crafted GET request to Crud.php.
by Jmysy
Shirne Cms - Path Traversal
An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php
by shirne
Ityouknow favorites-web - XSS
A vulnerability was found in ityouknow favorites-web. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-218294 is the identifier assigned to this vulnerability.
by ityouknow
Newbinggogo < 2023.5.5.2 - XSS
A vulnerability was found in jja8 NewBingGoGo up to 2023.5.5.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228167.
by jja8
HkCms 2.2.4.230206 - Code Injection
A vulnerability, which was classified as problematic, was found in HkCms 2.2.4.230206. This affects an unknown part of the file /admin.php/appcenter/local.html?type=addon of the component External Plugin Handler. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223365 was assigned to this vulnerability.
by Hk_Cms
HKcms <2.3.0.230709 - XSS
HKcms v2.3.0.230709 is vulnerable to Cross Site Scripting (XSS) allowing administrator cookies to be stolen.
by Hk_Cms
xzjie cms <1.0.3 - Unrestricted Upload
A vulnerability was found in xzjie cms up to 1.0.3 and classified as critical. This issue affects some unknown processing of the file /api/upload. The manipulation of the argument uploadFile leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-223367.
by xzjie
XiaoBingBy TeaCMS 2.0 - Path Traversal
A vulnerability classified as critical was found in XiaoBingBy TeaCMS 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/upload. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222985 was assigned to this vulnerability.
by xiaobingby
XiaoBingBy TeaCMS <2.0.2 - SQL Injection
A vulnerability has been found in XiaoBingBy TeaCMS up to 2.0.2 and classified as critical. This vulnerability affects unknown code of the file /admin/getallarticleinfo. The manipulation of the argument searchInfo leads to sql injection. The attack can be initiated remotely. VDB-223366 is the identifier assigned to this vulnerability.
by xiaobingby
XiaoBingBy TeaCMS <=2.0.2 - XSS
A vulnerability was found in XiaoBingBy TeaCMS up to 2.0.2. It has been classified as problematic. Affected is an unknown function of the component Article Title Handler. The manipulation with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223800.
by xiaobingby
TeaCMS - XSS
Cross Site Scripting vulnerability found in TeaCMS storage allows attacker to cause a leak of sensitive information via the article title parameter.
by xiaobingby
TeaCMS - XSS
Cross Site Scripting vulnerability found in TeaCMS storage allows attacker to cause a leak of sensitive information via the article title parameter.
by xiaobingby
TeaCMS 2.3.3 - Privilege Escalation
An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameter(s).
by xiaobingby
TeaCMS 2.3.3 - Privilege Escalation
An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameter(s).
by xiaobingby
Fs-blog - XSS
A vulnerability was found in zbl1996 FS-Blog and classified as problematic. This issue affects some unknown processing of the component Title Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-215267.
by zbl1996
bboss-persistent <6.0.9 - Code Injection
bboss-persistent v6.0.9 and below was discovered to contain a code injection vulnerability in the component com.frameworkset.common.poolman.util.SQLManager.createPool. This vulnerability is exploited via passing an unchecked argument.
by bbossgroups
tpcms <3.2 - Info Disclosure
Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL.
by happy_source
tpcms 3.2 - XSS
Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in Site Configuration page.
by happy_source
Tpcms - XSS
A stored cross-site scripting (XSS) vulnerability in TPCMS v3.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Phone text box.
by happy_source
Tpcms - Log Information Exposure
TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information such as the administrator's user name and password.
by happy_source
Tpcms - Unrestricted File Upload
An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file.
by happy_source
By Source