Closed Dmi3yy closed 8 years ago
https://blog.curesec.com/article/blog/ClipperCMS-130-XSS-101.html I checked this information. All tests are OK by Evo.
[XSS 1] CVSS ClipperCMS - NG Evo - OK
[XSS 2] CVSS ClipperCMS - NG Evo - OK
[XSS 3] CVSS ClipperCMS - NG Evo - OK
[XSS 4ff] CVSS ClipperCMS - NG Evo - OK
Thanks )
https://blog.curesec.com/article/blog/ClipperCMS-130-SQL-Injection-99.html I checked this information. All tests are no problem by Evo.
SQL Injection 1 (Blind) ClipperCMS - NG Evo - No problem
SQL Injection 2 ClipperCMS - NG Evo - No problem
SQL Injection 3 ClipperCMS - NG Evo - No problem
https://blog.curesec.com/article/blog/ClipperCMS-130-SQL-Injection-99.html I seem had problem ClipperCMS.
https://github.com/modxcms/evolution/commit/5711c318ec0f0db28723c1328d46a15e547827be This point. Evo has no problem. strpos($this->post['file'],'../')!==false
https://blog.curesec.com/article/blog/ClipperCMS-130-CSRF-97.html No problem Evo.
https://blog.curesec.com/article/blog/ClipperCMS-130-Code-Execution-Exploit-96.html I can not test. Because development languages are different, I do not understand it.
https://blog.curesec.com/article/blog/dotclear-281-Code-Execution-93.html ??? dotclear?
http://blog.curesec.com/article/blog/dotclear-281-Code-Execution-93.html I seem, this is wrong information.
Affected Product: dotclear 2.8.1 Fixed in: 2.8.2 Fixed Version Link: http://download.dotclear.org/latest.zip Vendor Website: http://dotclear.org/
dotclear is other product.
https://blog.curesec.com/article/blog/ClipperCMS-130-Code-Execution-95.html Maybe, this.
ClipperCMS 1.3.0: Code Execution http://blog.curesec.com/article/blog/do … on-93.html - This issue has not been fixed by the vendor. ClipperCMS 1.3.0: Code Execution Exploit http://blog.curesec.com/article/blog/Cl … it-96.html ClipperCMS 1.3.0: CSRF http://blog.curesec.com/article/blog/Cl … RF-97.html - This issue has not been fixed by the vendor. ClipperCMS 1.3.0: Path Traversal http://blog.curesec.com/article/blog/Cl … al-98.html - This issue has not been fixed by the vendor ClipperCMS 1.3.0: SQL Injection http://blog.curesec.com/article/blog/Cl … on-99.html - This issue has not been fixed by the vendor. ClipperCMS 1.3.0: XSS http://blog.curesec.com/article/blog/Cl … S-101.html - This issue has not been fixed by the vendor.