1593 matches found
CVE-2022-27884
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter...
CVE-2022-27885
Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters...
CVE-2022-27886
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter...
Cross site scripting
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter...
CVE-2022-27887
Summary: CVE-2022-27887 affects Maccms v10 and is a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter. The issue is described across multiple feeds (NVD/Red Hat/CNVD/CNNVD, etc.) with consistent details that the vulnerability originates ...
CVE-2022-27887
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter...
CVE-2022-27886
Maccms v10 contains a reflected XSS in /admin.php/admin/ulog/index.html via the wd parameter. The issue is reported across multiple sources (CVE-2022-27886) and is confirmed in Red Hat/CNVD/CVE listings, describing a JavaScript-injection style vulnerability that could be triggered by user-supplie...
CVE-2022-27885
Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters...
CVE-2022-27884
CVE-2022-27884 affects Maccms v10 and is a reflected cross-site scripting (XSS) vulnerability in the admin interface, specifically in /admin.php/admin/plog/index.html via the wd parameter. The root cause is insufficient input validation/escaping of user-supplied data in that parameter, enabling i...
CVE-2022-27885
CVE-2022-27885 affects Maccms v10 with multiple reflected XSS vulnerabilities in /admin.php/admin/website/data.html, exploitable via select and input parameters due to insufficient output filtering. Root cause described as lack of user-supplied data validation and filtering, enabling JavaScript i...
CVE-2022-26573
Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters...
CVE-2020-21554
A File Deletion vulnerability exists in TinyShop 3.1.1 in the backlist parameter in controllers\admin.php, which could let a malicious user delete any file such as install.lock to reinstall cms...
Arbitrary file deletion
A File Deletion vulnerability exists in TinyShop 3.1.1 in the backlist parameter in controllers\admin.php, which could let a malicious user delete any file such as install.lock to reinstall cms...
TaoCMS arbitrary file reading vulnerability
Taocms is a micro CMS content management system in China. TaoCMS has an arbitrary file reading vulnerability that can be exploited by attackers via admin.php?action=file & ctrl=download & path=... /... /1.txt to read any file...
Loki RAT (Relapse) SQL Injection
Discovery / credits: Malvuln - malvuln.com (c) 2022. Original source: https://malvuln.com/advisory/aabb54951546132e70a8e9f02bf8b5baB.txt. Media: twitter.com/malvuln. Threat: Loki RAT Relapse. Vulnerability: SQL Injection. Description: The LokiRAT WebUI panel for...
Loki RAT (Relapse) Directory Traversal / Arbitrary File Deletion
Discovery / credits: Malvuln - malvuln.com (c) 2022. Original source: https://malvuln.com/advisory/aabb54951546132e70a8e9f02bf8b5ba.txt. Media: twitter.com/malvuln. Threat: Loki RAT Relapse. Vulnerability: Directory Traversal - Arbitrary File Delete. Description: The LokiRAT...
CVE-2022-25403
HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php...
SQL injection
HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php...
CVE-2022-25403
CVE-2022-25403 affects HMS v1.0, with a SQL injection vulnerability in the admin.php component. The issue stems from inadequate handling/validation of user input in admin.php, allowing injection of arbitrary SQL statements. Reported impact in CVSS indicates high severity with partial confidential...
CVE-2022-25403
HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php...