Platform php - 体验盒子 - 不再关注网络安全

日期	标题	类别	作者
2020-03-12	HRSALE 1.1.8 – Cross-Site Request Forgery (Add Admin)	webapps	Ismail Akıcı
2020-03-12	WordPress Plugin Appointment Booking Calendar 1.3.34 – CSV Injection	webapps	Daniel Monzón
2020-03-12	Joomla! Component com_newsfeeds 1.0 – ‘feedid’ SQL Injection	webapps	Milad karimi
2020-03-11	PlaySMS 1.4.3 – Template Injection / Remote Code Execution	webapps	Touhid M.Shaikh
2020-03-11	Joomla! 3.9.0 < 3.9.7 - CSV Injection	webapps	i4bdullah
2020-03-11	WordPress Plugin Search Meter 2.13.2 – CSV injection	webapps	Daniel Monzón
2020-03-11	Horde Groupware Webmail Edition 5.2.22 – PHAR Loading	webapps	Andrea Cardaci
2020-03-11	Horde Groupware Webmail Edition 5.2.22 – PHP File Inclusion	webapps	Andrea Cardaci
2020-03-11	TeamCity Agent XML-RPC 10.0 – Remote Code Execution	webapps	1F98D
2020-03-11	Wing FTP Server – Authenticated CSRF (Delete Admin)	webapps	Dhiraj Mishra
2020-03-10	PHPStudy – Backdoor Remote Code execution (Metasploit)	remote	Metasploit
2020-03-10	Persian VIP Download Script 1.0 – ‘active’ SQL Injection	webapps	Amir Hossein Vafifar
2020-03-10	Horde Groupware Webmail Edition 5.2.22 – Remote Code Execution	webapps	Andrea Cardaci
2020-03-10	YzmCMS 5.5 – ‘url’ Persistent Cross-Site Scripting	webapps	En_dust
2020-03-09	PHP-FPM – Underflow Remote Code Execution (Metasploit)	remote	Metasploit
2020-03-09	Sentrifugo HRMS 3.2 – ‘id’ SQL Injection	webapps	minhnb
2020-03-09	60CycleCMS – ‘news.php’ SQL Injection	webapps	Unkn0wn
2020-03-04	UniSharp Laravel File Manager 2.0.0 – Arbitrary File Read	webapps	NgoAnhDuc
2020-03-03	GUnet OpenEclass 1.7.3 E-learning platform – ‘month’ SQL Injection	webapps	emaragkos
2020-03-03	Alfresco 5.2.4 – Persistent Cross-Site Scripting	webapps	Alexandre ZANNI
2020-03-02	Cacti v1.2.8 – Unauthenticated Remote Code Execution (Metasploit)	webapps	Lucas Amorim
2020-03-02	WordPress Plugin Tutor LMS 1.5.3 – Cross-Site Request Forgery (Add User)	webapps	Jinson Varghese Behanan
2020-02-27	Business Live Chat Software 1.0 – Cross-Site Request Forgery (Add Admin)	webapps	Meisam Monsef
2020-02-26	PhpIX 2012 Professional – ‘id’ SQL Injection	webapps	indoushka