漏洞标题 CVE-2021-24970: WordPress All-In-One Video Gallery <2.5.0 - Local File Inclusion 漏洞描述 WordPress All-in-One Video Gallery plugin before 2.5.0 is susceptible to local...

漏洞标题 CVE-2022-3982: WordPress Booking Calendar <3.2.2 - Arbitrary File Upload 漏洞描述 WordPress Booking Calendar plugin before 3.2.2 is susceptible to arbitrary file upload...

漏洞标题 CVE-2024-51211: openSIS Classic v9.1 - SQL Injection 漏洞描述 SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.ph...

SQL注入原理 步骤： 1. 通过特殊的数据库查询语句 2. 在数据库的错误返回中找到sql漏洞 3. 利用sql语句猜解管理人员信息并登陆管理员后台 简单说就是：sql注入是将sql代码插入或添加到用户的输...

首先爬一遍整个网站，发现有没注册的时候有“login”,'register'， 这两个页面，注册一个123用户登录后发现有 'index“,”post“,”logout“，”change password“这四个界面， 根据题目提示的a...

漏洞标题 CVE-2025-30220: GeoServer WFS - XXE Processing Vulnerability 漏洞描述 GeoServer Web Feature Service (WFS) is vulnerable to an XML External Entity (XXE) processing attack d...

漏洞标题 CVE-2021-36260: Hikvision IP camera/NVR - Remote Command Execution 漏洞描述 Certain Hikvision products contain a command injection vulnerability in the web server due to t...

漏洞标题 CVE-2024-7339: TVT DVR Sensitive Device - Information Disclosure 漏洞描述 A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-40...

漏洞标题 CVE-2025-55182: React Server Components - Remote Code Execution 漏洞描述 React Server Components 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including react-server-dom-parcel, reac...

漏洞标题 (CVE-2010-1659) Joomla! Ultimate Portfolio组件目录遍历漏洞 漏洞描述 (CVE-2010-1659) Joomla! Ultimate Portfolio组件目录遍历漏洞 PoC代码 暂无

漏洞标题 CVE-2024-38653: Ivanti Avalanche SmartDeviceServer - XML External Entity 漏洞描述 XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attack...

漏洞标题 CVE-2021-26086: Atlassian Jira Limited - Local File Inclusion 漏洞描述 Affected versions of Atlassian Jira Limited Server and Data Center are vulnerable to local file incl...

漏洞标题 CVE-2021-37589: Virtua Software Cobranca <12R - Blind SQL Injection 漏洞描述 Virtua Cobranca before 12R allows blind SQL injection on the login page. PoC代码

漏洞标题 CVE-2020-13258: Contentful <=2020-05-21 - Cross-Site Scripting 漏洞描述 Contentful through 2020-05-21 for Python contains a reflected cross-site scripting vulnerability...

漏洞标题 CVE-2023-36287: Webkul QloApps 1.6.0 - Cross-site Scripting 漏洞描述 An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an at...

漏洞标题 CVE-2024-48307: JeecgBoot v3.7.1 - SQL Injection 漏洞描述 The JeecgBoot application is vulnerable to SQL Injection via the `getTotalData` endpoint. An attacker can exploit...