Types webapps - 体验盒子 - 不再关注网络安全

日期	标题	类别	作者
2021-11-24	CMSimple 5.4 – Local file inclusion (LFI) to Remote code execution (RCE) (Authenticated)	webapps	S1lv3r
2021-11-23	FLEX 1085 Web 1.6.0 – HTML Injection	webapps	Mr Empy
2021-11-23	Bus Pass Management System 1.0 – ‘Search’ SQL injection	webapps	Abhijeet Singh
2021-11-23	Webrun 3.6.0.42 – ‘P_0’ SQL Injection	webapps	Vinicius Alves
2021-11-23	WordPress Plugin WP Guppy 1.1 – WP-JSON API Sensitive Information Disclosure	webapps	Keyvan Hardani
2021-11-22	Aimeos Laravel ecommerce platform 2021.10 LTS – ‘sort’ SQL injection	webapps	Ilker Burak ADIYAMAN
2021-11-17	WordPress Plugin Smart Product Review 1.0.4 – Arbitrary File Upload	webapps	Keyvan Hardani
2021-11-17	GitLab 13.10.2 – Remote Code Execution (RCE) (Unauthenticated)	webapps	Jacob Baines
2021-11-17	SuiteCRM 7.11.18 – Remote Code Execution (RCE) (Authenticated) (Metasploit)	webapps	M. Cory Billington
2021-11-17	Quick.CMS 6.7 – Cross Site Request Forgery (CSRF) to Cross Site Scripting (XSS) (Authenticated)	webapps	Rahad Chowdhury
2021-11-17	Bludit 3.13.1 – ‘username’ Cross Site Scripting (XSS)	webapps	Vasu
2021-11-16	CMDBuild 3.3.2 – ‘Multiple’ Cross Site Scripting (XSS)	webapps	Hosein Vita
2021-11-16	Online Learning System 2.0 – Remote Code Execution (RCE)	webapps	djebbaranon
2021-11-15	PHP Laravel 8.70.1 – Cross Site Scripting (XSS) to Cross Site Request Forgery (CSRF)	webapps	Hosein Vita
2021-11-15	WordPress Plugin Contact Form to Email 1.3.24 – Stored Cross Site Scripting (XSS) (Authenticated)	webapps	Mohammed Aadhil Ashfaq
2021-11-15	Fuel CMS 1.4.13 – ‘col’ Blind SQL Injection (Authenticated)	webapps	Rahad Chowdhury
2021-11-15	Simple Subscription Website 1.0 – SQLi Authentication Bypass	webapps	Daniel Haro
2021-11-15	KONGA 0.14.9 – Privilege Escalation	webapps	Fabricio Salomao
2021-11-15	WordPress Plugin WPSchoolPress 2.1.16 – ‘Multiple’ Cross Site Scripting (XSS)	webapps	Davide Taraschi
2021-11-12	Mumara Classic 2.93 – ‘license’ SQL Injection (Unauthenticated)	webapps	Shain Lakin
2021-11-12	WordPress Plugin AccessPress Social Icons 1.8.2 – ‘icon title’ Stored Cross-Site Scripting (XSS)	webapps	Murat DEMİRCİ
2021-11-12	WordPress Plugin WP Symposium Pro 2021.10 – ‘wps_admin_forum_add_name’ Stored Cross-Site Scripting (XSS)	webapps	Murat DEMİRCİ
2021-11-11	FormaLMS 2.4.4 – Authentication Bypass	webapps	Cristian \'void\' Giustini
2021-11-11	Apache HTTP Server 2.4.50 – Remote Code Execution (RCE) (3)	webapps	Valentin Lobstein