CVE-2019-17580

The CVE-2019-17580 entry corresponds to Tooonyy dormsystem prior to or at version 1.3, where a SQL injection vulnerability exists in admin.php due to lack of validation of externally-entered SQL statements. The connected records (CNVD-2020-14283, RH: CVE-2019-17580, OSV and CVE listings) corrobor...

CVE-2019-17417

PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs...

PbootCMS Cross-Site Scripting Vulnerability

PbootCMS is a new core open source enterprise building system developed by Avantech. A cross-site scripting vulnerability exists in PbootCMS 2.0.2, which can be exploited to conduct cross-site scripting attacks via routes involving Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URI...

CVE-2019-17417

PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs...

CVE-2015-9442

The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenirplugin...

CVE-2015-9448

The CVE-2015-9448 issue affects the WordPress SendPress plugin (versions prior to 1.2). The vulnerability is an SQL Injection in the wp-admin/admin.php?page=sp-queue listid parameter. Impact per sources includes manipulation/exfiltration of data via the web interface, with CVSS scores indicating ...

CVE-2015-9440

The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new...

CVE-2016-10973

The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php...

CVE-2019-13363

admin.php?page=notificationbymail in Piwigo 2.9.5 has XSS via the nbmsendhtmlmail, nbmsendmailas, nbmsenddetailedcontent, nbmcomplementarymailcontent, nbmsendrecentpostdates, or paramsubmit parameter. This is exploitable via CSRF...

Design/Logic Flaw

The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter...

Cross site request forgery (csrf)

admin.php?page=notificationbymail in Piwigo 2.9.5 has XSS via the nbmsendhtmlmail, nbmsendmailas, nbmsenddetailedcontent, nbmcomplementarymailcontent, nbmsendrecentpostdates, or paramsubmit parameter. This is exploitable via CSRF...

CVE-2019-13363

admin.php?page=notificationbymail in Piwigo 2.9.5 has XSS via the nbmsendhtmlmail, nbmsendmailas, nbmsenddetailedcontent, nbmcomplementarymailcontent, nbmsendrecentpostdates, or paramsubmit parameter. This is exploitable via CSRF...

CVE-2019-13363

CVE-2019-13363 affects Piwigo 2.9.5. The vulnerability is a Cross‑Site Scripting (XSS) in the admin.php?page=notification_by_mail endpoint, exploitable via parameters such as nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_date...

CVE-2017-18614

The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter...

Sql injection

The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter...

Design/Logic Flaw

The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter...

CVE-2017-18614

The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter...

CVE-2017-18614

CVE-2017-18614 affects the WordPress plugin kama-clic-counter (v3.4.9) . Multiple connected sources confirm a SQL injection vulnerability exposed via the plugin’s admin.php, specifically the order parameter . The root cause is described as a lack of validation of externally entered SQL statements...

CVE-2015-9292

6kbbs 7.1 and 8.0 allows CSRF via portalchannelajax.php id or code parameter or admin.php fileids parameter...

Cross site request forgery (csrf)

6kbbs 7.1 and 8.0 allows CSRF via portalchannelajax.php id or code parameter or admin.php fileids parameter...