漏洞标题 CVE-2021-31602: Hitachi Vantara Pentaho/Business Intelligence Server - Authentication Bypass 漏洞描述 Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence...

漏洞标题 adminer存在服务器端请求伪造漏洞(CVE-2021-21311) 漏洞描述 adminer是一个php开发的数据库管理的web工具，该系统存在ssrf漏洞。 PoC代码 暂无

漏洞标题 CVE-2023-29084: ManageEngine ADManager Plus - Command Injection 漏洞描述 Zoho ManageEngine ADManager Plus through 7180 allows for authenticated users to exploit command in...

漏洞标题 CVE-2021-38540: Apache Airflow - Unauthenticated Variable Import 漏洞描述 Apache Airflow Airflow >=2.0.0 and <2.1.3 does not protect the variable import endpoint whi...

漏洞标题 CVE-2024-10486: Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File 漏洞描述 The Google for WooCommerce plugin for WordPress ...

漏洞标题 CVE-2010-2918: Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion 漏洞描述 A PHP remote file inclusion vulnerability in core/include/myMailer.cl...

漏洞标题 CVE-2023-4666: Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload 漏洞描述 The plugin does not validate signatures when creating them on the server from user ...

CheckIn题目分析 首先我们来看一下题目，首页就是一个简单的上传界面： 我们先上传一个php文件试一下，显然是illegal的 经过fuzz发现修改content-type和利用特殊扩展名php5、pht等都没有成功（...

漏洞标题 CVE-2023-39677: PrestaShop MyPrestaModules - PhpInfo Disclosure 漏洞描述 PrestaShop modules by MyPrestaModules expose PHPInfo PoC代码

漏洞标题 CVE-2010-1345: Joomla! Component Cookex Agency CKForms - Local File Inclusion 漏洞描述 A directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) compo...

漏洞标题 CVE-2021-24300: WordPress WooCommerce <1.13.22 - Cross-Site Scripting 漏洞描述 WordPress WooCommerce before 1.13.22 contains a reflected cross-site scripting vulnerabil...

漏洞标题 Bylancer Quicklancer CVE-2024-7188 SQL注入漏洞 漏洞描述 Bylancer Quicklancer是Bylancer公司的一个自由职业者平台。Bylancer Quicklancer 存在SQL注入漏洞。此漏洞是由于对用户发...

漏洞标题 CVE-2021-4073: RegistrationMagic <= 5.0.1.7 - Authentication Bypass 漏洞描述 RegistrationMagic WordPress plugin versions <= 5.0.1.7 contain an authentication bypass ...

漏洞标题 Atlassian Confluence CVE-2023-22527 远程命令执行漏洞 漏洞描述 Atlassian Confluence存在远程命令执行漏洞，此漏洞是对用户的数据缺乏校验导致的。 PoC代码 暂无

漏洞标题 CVE-2010-1056: Joomla! Component com_rokdownloads - Local File Inclusion 漏洞描述 A directory traversal vulnerability in the RokDownloads (com_rokdownloads) component befo...

漏洞标题 CVE-2021-43496: Clustering Local File Inclusion 漏洞描述 Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversa...