漏洞标题 CVE-2021-24212: WooCommerce Help Scout - Arbitrary File Upload 漏洞描述 WooCommerce Help Scout plugin before version 2.9.1 contains an unrestricted file upload vulnerabili...

漏洞标题 CVE-2024-1512: MasterStudy LMS WordPress Plugin <= 3.2.5 - SQL Injection 漏洞描述 The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordP...

漏洞标题 CVE-2022-29775: iSpy 7.2.2.0 - Authentication Bypass 漏洞描述 iSpy 7.2.2.0 contains an authentication bypass vulnerability. An attacker can craft a URL and possibly obtain...

漏洞标题 CVE-2019-10647: ZZZCMS ZZZPHP 1.6.3 – Remote PHP Code Execution (RCE) 漏洞描述 ZZZCMS zzzphp v1.6.3 contains a remote code execution caused by lack of restrictions in inc...

漏洞标题 CVE-2024-4898: WordPress InstaWP Connect <= 0.1.0.38 - Unauthenticated User Creation 漏洞描述 The InstaWP Connect – 1-click WP Staging & Migration plugin for WordP...

漏洞标题 CVE-2018-8006: Apache ActiveMQ <=5.15.5 - Cross-Site Scripting 漏洞描述 Apache ActiveMQ versions 5.0.0 to 5.15.5 are vulnerable to cross-site scripting via the web base...

漏洞标题 CVE-2024-12824: Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password Change 漏洞描述 The Nokri – Job Board WordPress Theme theme for WordPr...

漏洞报告 【MTN Group】反射型XSS http://hackerone.com/reports/1210921 【Shopify】电子邮件应用程序中的 Xss http://hackerone.com/reports/1339356 【Shopify】Wordpress Rest API 响应中的...

本文转载于公众号：融云攻防实验室，原文地址： 漏洞复现-wooyun-2015-110216 Elasticsearch写入webshell ElasticSearch具有备份数据的功能，用户可以传入一个路径，让其将数据备份到该路径下，...

漏洞标题 CVE-2023-34755: bloofoxCMS v0.5.2.1 - SQL Injection 漏洞描述 bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/ind...

漏洞标题 CVE-2023-45375: PrestaShop PireosPay - SQL Injection 漏洞描述 In the module “PireosPay” (pireospay) up to version 1.7.9 from 01generator.com for PrestaShop, a guest can ...

漏洞标题 CVE-2021-25114: WordPress Paid Memberships Pro <2.6.7 - Blind SQL Injection 漏洞描述 WordPress Paid Memberships Pro plugin before 2.6.7 is susceptible to blind SQL inje...

漏洞标题 CVE-2022-29081: Zoho ManageEngine - Access Control Bypass 漏洞描述 Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before ...

漏洞标题 CVE-2024-13496: GamiPress <= 2.8.9 - SQL Injection 漏洞描述 GamiPress WordPress plugin version 2.8.9 and below suffers from an SQL injection vulnerability due to insuff...

漏洞标题 CVE-2021-46419: Telesquare TLR-2855KS6 - 任意文件删除 漏洞描述 Telesquare TLR-2855KS6 中存在通过 PUT 方法创建未授权文件的漏洞，可允许创建 CGI 脚本。 fofa: product=="T...

漏洞标题 Apache ShenYu JWT身份绕过(CVE-2021-37580) 漏洞描述 ShenYu（原名 Soul）是一款高性能，响应式的网关，同时也是应用于所有微服务场景的，可扩展、高性能、响应式的 API网关解决方案...