NixCMS 1.0 – ‘category_id’ SQL Injection
>> ARCHIVE: 2018-02
NixCMS 1.0 – ‘category_id’ SQL Injection
Wonder CMS 2.3.1 – ‘Host’ Header Injection
http://www.sakon-nfe.go.th/index.php notified by KATENBAD
http://www.info.mua.go.th/ash.html notified by Ashiyane Digital Security Team
http://phudin.go.th/jembot.htm notified by Trenggalek Cyber Army
Free CMS version 1.0a suffers from a cross site scripting vulnerability via a malicious upload.
Rich FileManager version 2.7.0 suffers from a cross site scripting vulnerability via a malicious file upload.
Mara CMS version 7.1 suffers from a cross site scripting vulnerability.
Wikindx version 5.2.1 suffers from a cross site scripting vulnerability.
WordPress Doctor Appointment Booking plugin version 1.0.0 suffers from cross site scripting and remote SQL injection vulnerabilities.