Bugs

CVE

IDCVSS ScoreTitle
CVE-2018-114706.5iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel.
CVE-2018-113737.5iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter.
CVE-2018-113727.5iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter.
CVE-2017-141186.5In the EyesOfNetwork web interface (aka eonweb) 5.1-0, moduletool_alltoolsinterface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the host_list parameter to module/tool_all/select_tool.php.
CVE-2017-137805.0The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter.
CVE-2017-137784.3Fiyo CMS 2.0.7 has XSS in dapurappsapp_configsys_config.php via the site_name parameter.

新评论

称呼不能为空
邮箱格式不合法
网站格式不合法
内容不能为空