漏洞标题 CVE-2022-42475: Fortinet SSL-VPN - Heap-Based Buffer Overflow 漏洞描述 A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN (versions 7.2.0 through 7.2....

漏洞标题 CVE-2022-41352: Zimbra Collaboration - Unrestricted File Upload 漏洞描述 An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbit...

漏洞标题 CVE-2022-43185: Rukovoditel <= 3.2.1 - Cross-Site Scripting 漏洞描述 A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=gl...

漏洞标题 CVE-2022-25481: ThinkPHP 5.0.24 - Information Disclosure 漏洞描述 ThinkPHP 5.0.24 is susceptible to information disclosure. This version was configured without the PATHINF...

漏洞标题 CVE-2022-2627: WordPress Newspaper < 12 - Cross-Site Scripting 漏洞描述 WordPress Newspaper theme before 12 is susceptible to cross-site scripting. The does not sanitiz...

漏洞标题 CVE-2022-24706: CouchDB Erlang Distribution - Remote Command Execution 漏洞描述 In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default inst...

漏洞标题 CVE-2022-1388: F5 BIG-IP iControl REST Auth Bypass RCE 漏洞描述 This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through t...

打开题目就是一段代码，我们稍微美化一下，看的清楚点 I put something in F12 for you include 'flag.php'; $flag='MRCTF{xxxxxxxxxxxxxxxxxxxxxxxxx}'; if(isset($_GET['gg'])&&isset...

CheckIn题目分析 首先我们来看一下题目，首页就是一个简单的上传界面： 我们先上传一个php文件试一下，显然是illegal的 经过fuzz发现修改content-type和利用特殊扩展名php5、pht等都没有成功（...

漏洞标题 CVE-2022-0594: WordPress Shareaholic <9.7.6 - Information Disclosure 漏洞描述 WordPress Shareaholic plugin prior to 9.7.6 is susceptible to information disclosure. The ...

漏洞标题 CVE-2022-40734: UniSharp aka Laravel Filemanager v2.5.1 - Directory Traversal 漏洞描述 UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 allows download...

漏洞标题 CVE-2022-48012: OpenCATS 0.9.7 - Cross-Site Scripting 漏洞描述 OpenCATS 0.9.7 contains a cross-site scripting vulnerability via the component /opencats/index.php?m=setting...

漏洞标题 CVE-2022-23898: MCMS 5.2.5 - SQL Injection 漏洞描述 MCMS 5.2.5 contains a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml. An attacker...

漏洞标题 CVE-2022-4060: WordPress User Post Gallery <=2.19 - Remote Code Execution 漏洞描述 WordPress User Post Gallery plugin through 2.19 is susceptible to remote code executi...

漏洞标题 CVE-2022-1724: WordPress Simple Membership <4.1.1 - Cross-Site Scripting 漏洞描述 WordPress Simple Membership plugin before 4.1.1 contains a reflected cross-site script...

漏洞标题 CVE-2022-2383: WordPress Feed Them Social <3.0.1 - Cross-Site Scripting 漏洞描述 WordPress Feed Them Social plugin before 3.0.1 contains a reflected cross-site scriptin...