The article provides a detailed security analysis of the XiongHai CMS 1.0, describing its directory structure and exposing multiple vulnerabilities including file inclusion, SQL injection, XSS, and vertical privilege escalation, along with example exploit code.
This article explains what directory (path) traversal is, demonstrates how attackers can read or write arbitrary files on a server by manipulating file‑path parameters, outlines common bypass techniques, and provides concrete defensive coding practices to mitigate the vulnerability.
This article analyzes the high‑severity Apache Tomcat AJP file‑inclusion vulnerability (CVE‑2020‑1938), detailing affected versions, the underlying code flaw, how attackers can read arbitrary files and achieve remote code execution, and provides concrete upgrade recommendations to mitigate the risk.
The article details the high‑severity Apache Tomcat AJP file‑inclusion vulnerability (CVE‑2020‑1938), explains how it enables arbitrary file read and remote code execution on vulnerable Tomcat versions, and provides remediation steps including upgrading to patched releases.
This article explains the background, affected versions, technical analysis, exploitation steps, and remediation recommendations for the Apache Tomcat AJP file inclusion vulnerability (CVE‑2020‑1938), providing detailed code insights and practical upgrade guidance.
