Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4) cid parameter to index.php. NOTE: the mid parameter for forums.php is already associated with CVE-2005-0454. NOTE: the index.php/cid vector was later reported to affect 6.11.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
DCP-Portal多个跨站脚本和SQL注入漏洞
Vulnerability Description
DCP-Portal是一款网站内容管理系统,包括成员管理、投票系统、日历系统等。 DCP-Portal的calendar.php、register.php、index.php等脚本没有充分的验证POST变量,导致跨站脚本和SQL注入攻击,成功利用这些漏洞的攻击者可以远程执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A