1596 matches found
PT-2023-31486 · Lmxcms · Lmxcms
Name of the Vulnerable Software and Affected Versions: lmxcms versions up to 1.41 Description: A critical issue affects some unknown functionality of the file admin.php. The manipulation of the lid argument leads to SQL injection. The vendor was contacted about this disclosure but did not respond...
CVE-2020-21881
Cross Site Request Forgery CSRF vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via article/admin/content/add...
Cross site request forgery (csrf)
Cross Site Request Forgery CSRF vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via article/admin/content/add...
CVE-2020-21881
DuxCMS 2.1 contains a Cross Site Request Forgery (CSRF) vulnerability in admin.php (endpoint article/admin/content/add) that allows remote attackers to modify application data. The issue is documented across multiple sources (e.g., CVE-2020-21881) with remediation guidance suggesting CSRF token v...
CVE-2020-21881
Cross Site Request Forgery CSRF vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via article/admin/content/add...
PT-2023-11606 · Duxcms · Duxcms
Name of the Vulnerable Software and Affected Versions: DuxCMS version 2.1 Description: A Cross Site Request Forgery CSRF issue in the admin.php file of DuxCMS allows remote attackers to modify application data via the "article/admin/content/add" endpoint. This can be exploited by tricking...
CVE-2020-21881
Cross Site Request Forgery CSRF vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via article/admin/content/add...
CVE-2023-27082
Cross Site Scripting XSS vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted html file...
CVE-2023-27083
An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality...
CVE-2023-27083
An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality...
CVE-2020-20918
An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page...
CVE-2020-20918
An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page...
Cross site scripting
Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php...
Code injection
An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page...
CVE-2020-20725
Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php...
CVE-2021-31280
An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the keywords parameter...
CVE-2021-31280
An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the keywords parameter...
CVE-2021-31280
CVE-2021-31280 affects tp5cms prior to or through 2017-05-25. The issue is a cross-site scripting (XSS) vulnerability in admin.php/system/set.html exploitable via the keywords parameter. The related Red Hat/NVD/EU references corroborate an XSS in tp5cms with the same endpoint and parameter. CVSS ...
CVE-2023-33601
An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2023-33601
CVE-2023-33601 describes an arbitrary file upload vulnerability in the PHPok web application (version 6.4.100). The flaw resides in the /admin.php?c=upload endpoint, allowing an attacker to upload a crafted PHP file to achieve arbitrary code execution. The provided connected documents confirm the...