eID Easy < 4.7 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the /admin.php file which allows attackers to inject arbitrary web scripts...

CF Geo Plugin < 7.13.12 - Reflected Cross-Site Scripting

The plugin does not escape the some parameter before outputting them back in admin pages, leading to a Reflected Cross-Site Scripting issue POST /wp-admin/admin.php?page=cf-geoplugin-activate HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Accept-Language...

Sql injection

SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php...

CVE-2021-3264

SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php...

Electron Technologies FZC PopojiCMS Cross-Site Request Forgery Vulnerability

Electron Technologies FZC PopojiCMS is an open source content management system CMS based on the Popoji framework from Electron Technologies FZC. version 2.0.1 of Electron Technologies FZC PopojiCMS admin.php is vulnerable to cross-site request forgery. No detailed vulnerability details are...

CVE-2020-19821

A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL commands via the orders parameter...

CVE-2020-19821

A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL commands via the orders parameter...

Sql injection

A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL commands via the orders parameter...

CVE-2020-19821

DOYO CMS (DOYOCMS) 2.3 contains a SQL injection in admin.php reachable via the orders[] parameter, allowing attackers to execute arbitrary SQL commands. Root cause: improper handling/sanitization of the orders[] input leads to injection. Affected component: DOYOCMS 2.3; entry describes high-sever...

CVE-2020-19821

A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL commands via the orders parameter...

DOYO SQL注入漏洞

DOYO doyocms is a PHP-based open source content management system CMS. A SQL injection vulnerability exists in admin.php of DOYO CMS 2.3, which can be exploited by an attacker to execute arbitrary SQL commands via the orders parameter...

CVE-2020-19547

Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id parameter in admin.php...

CVE-2020-19547

Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id parameter in admin.php...

CVE-2020-18065

Cross Site Scripting XSS vulnerability exists in PopojiCMS 2.0.1 in admin.php?mod=menumanager--------- edit menu...

Directory traversal

Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id parameter in admin.php...

CVE-2020-19547

Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id parameter in admin.php...

CVE-2020-19547

CVE-2020-19547 affects PopojiCMS 2.0.1, where a directory traversal vulnerability exists via the id parameter in admin.php. The issue is triggered over the network and is tied to an input path handling flaw in PopojiCMS’s admin interface, allowing potentially access to sensitive files. The connec...

CVE-2020-18065

CVE-2020-18065 affects PopojiCMS 2.0.1, specifically the admin.php?mod=menumanager functionality. The vulnerability is described as a Cross Site Scripting (XSS) issue; the connected documents do not provide technical details such as vulnerable function, input handling, or exploitation vectors. CV...

CVE-2021-39599

Multiple Cross Site Scripting XSS vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in 1 public/search.php and in the 2 c parameter in admin.php...

CVE-2021-39599

CVE-2021-39599 affects CXUUCMS 3.1, with multiple XSS vulnerabilities in public/search.php (search parameter) and admin.php (c parameter). The root cause is unsanitized input leading to client-side code execution. Impact is documented as XSS with potential impact on confidentiality/integrity depe...