1596 matches found
SQL injection
tonyy dormsystem through 1.3 allows SQL Injection in admin.php...
CVE-2019-17580
tonyy dormsystem through 1.3 allows SQL Injection in admin.php...
CVE-2019-17580
The CVE-2019-17580 entry corresponds to Tooonyy dormsystem prior to or at version 1.3, where a SQL injection vulnerability exists in admin.php due to lack of validation of externally-entered SQL statements. The connected records (CNVD-2020-14283, RH: CVE-2019-17580, OSV and CVE listings) corrobor...
CVE-2019-17417
PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs...
PbootCMS Cross-Site Scripting Vulnerability
PbootCMS is a new core open source enterprise building system developed by Avantech. A cross-site scripting vulnerability exists in PbootCMS 2.0.2, which can be exploited to conduct cross-site scripting attacks via routes involving Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URI...
CVE-2015-9442
The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenirplugin...
CVE-2015-9448
The CVE-2015-9448 issue affects the WordPress SendPress plugin (versions prior to 1.2). The vulnerability is an SQL Injection in the wp-admin/admin.php?page=sp-queue listid parameter. Impact per sources includes manipulation/exfiltration of data via the web interface, with CVSS scores indicating ...
CVE-2015-9440
The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new...
CVE-2016-10973
The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php...
CVE-2019-13363
admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. This is exploitable via CSRF...
Design/Logic Flaw
The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter...
Cross-site request forgery (CSRF)
admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. This is exploitable via CSRF...
CVE-2019-13363
CVE-2019-13363 affects Piwigo 2.9.5. The vulnerability is a Cross‑Site Scripting (XSS) in the admin.php?page=notification_by_mail endpoint, exploitable via parameters such as nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_date...
CVE-2017-18614
The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter...
SQL injection
The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter...
Design/Logic Flaw
The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter...
CVE-2017-18614
CVE-2017-18614 affects the WordPress plugin kama-clic-counter (v3.4.9). Multiple connected sources confirm a SQL injection vulnerability exposed via the plugin’s admin.php, specifically the order parameter. The root cause is described as a lack of validation of externally entered SQL statements...