Comsenz: Security Vulnerabilities, CVEs
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to delete the common_member_wechatmp data structure via an ac=unbindmp request to plugin.php.
Max CVSS: 5.9; EPSS Score: 0.20%; Published: 2018-12-24; Updated: 2019-01-10
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string.
Max CVSS: 8.1; EPSS Score: 0.46%; Published: 2018-12-24; Updated: 2019-10-03
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which account will be accessed).
Max CVSS: 8.1; EPSS Score: 0.46%; Published: 2018-12-24; Updated: 2019-10-03
An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter.
Max CVSS: 9.8; EPSS Score: 0.47%; Published: 2018-10-09; Updated: 2020-06-17
An issue was discovered in DuomiCMS 3.0. Remote PHP code execution is possible via the search.php searchword parameter because "eval" is used during "if" processing.
Max CVSS: 9.8; EPSS Score: 0.76%; Published: 2018-10-09; Updated: 2018-11-29
The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code.
Max CVSS: 9.0; EPSS Score: 1.72%; Published: 2019-05-22; Updated: 2019-05-23
SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 for Discuz! allows remote authenticated users to execute arbitrary SQL commands via the fmid parameter in a view action.
Max CVSS: 7.5; EPSS Score: 0.11%; Published: 2009-09-15; Updated: 2017-09-19
wap/index.php in Crossday Discuz! Board 6.x and 7.x allows remote authenticated users to execute arbitrary PHP code via the creditsformula parameter.
Max CVSS: 6.5; EPSS Score: 1.87%; Published: 2009-08-12; Updated: 2017-09-29
SQL injection vulnerability in index.php in Discuz! 6.0.1 allows remote attackers to execute arbitrary SQL commands via the searchid parameter in a search action.
Max CVSS: 7.5; EPSS Score: 0.10%; Published: 2008-08-08; Updated: 2017-09-29
9 vulnerabilities found