noneCms

A content management system based on ThinkPHP 5.1 for quickly building blogs and corporate sites; it also adds a real-time chat room

Results 23 noneCms issues

Installing 1.0 reports that writing the temporary file failed

NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected arbitrary web script or HTML via the name parameter to launch...

NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/role/dele.html, as demonstrated by deleting the admin role. Vulnerability code is located in application\admin\controller\Role.php: ```php /** * Delete role information */ public function dele() {...

The latest patch V1.3.0 of NoneCMS has a directory traversal vulnerability in application/admin/controller/Main.php. The vulnerability allows remote authenticated users to delete arbitrary files by leveraging back-office access to provide a...

Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter. By default, noneCMS uses Editor.md for...

Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter. A remote user who has the...

NoneCMS V1.3.0 has an XSS vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf. I downloaded the swfupload.swf file and used FFdec to decompile the file. Then I found that the user can control the movieName...

During installation, the database file that is executed is missing the chat_record and room tables, so the chat room cannot send messages

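Because I changed the value of the password field in the database following the encryption process in the source code and did not record it, I cannot reproduce this (reinstalling reproduces it). Before the change, I always got a wrong username/password error; after the change, it worked. I don't know whether this is a problem with the test data or whether the username and password I set never made it into the database. Test account: username: admin, password: admin123 ![image](https://user-images.githubusercontent.com/37764940/63690007-283b1900-c83e-11e9-913b-7e2911039b81.png) ![image](https://user-images.githubusercontent.com/37764940/63690014-312bea80-c83e-11e9-98b9-b0722d9dac4a.png) Login succeeded after changing the database data! ![image](https://user-images.githubusercontent.com/37764940/63690053-430d8d80-c83e-11e9-9d48-436f1b7d0971.png)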

Articles saved with either of the two text editors show the HTML code on the front end