24 matches found
GHSA-GMWR-9J4P-96VM ProcessWire: server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature
ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...
ProcessWire: server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature
ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...
CVE-2026-40500
ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...
CVE-2026-40500 ProcessWire CMS SSRF via Add Module From URL
ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...
ProcessWire CMS 安全漏洞
ProcessWire CMS is a flexible content management system developed by ProcessWire as open source. Versions of ProcessWire CMS 3.0.255 and earlier contained security vulnerabilities. These vulnerabilities were due to a server-side request forgeing issue in the “Add Module From URL” feature of the...
PT-2026-33179
ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...
CVE-2025-15195
A vulnerability was determined in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the argument linked causes sql injection. The attack can be initiated remotely. The exploit has been publicly...
EUVD-2025-205608
A vulnerability was determined in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the argument linked causes sql injection. The attack can be initiated remotely. The exploit has been publicly...
CVE-2025-15195
A vulnerability was determined in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the argument linked causes sql injection. The attack can be initiated remotely. The exploit has been publicly...
CVE-2025-15195
A vulnerability was determined in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the argument linked causes sql injection. The attack can be initiated remotely. The exploit has been publicly...
CVE-2025-15195
Code-Projects Assessment Management 1.0 is affected. The vulnerability lies in /admin/add-module.php where manipulating the linked[] parameter enables SQL injection. The issue can be exploited remotely and exploits have been publicly disclosed. Multiple sources corroborate the SQLi risk and remot...
CVE-2025-15195 code-projects Assessment Management add-module.php sql injection
A vulnerability was determined in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the argument linked causes sql injection. The attack can be initiated remotely. The exploit has been publicly...
CVE-2025-15195 code-projects Assessment Management add-module.php sql injection
A vulnerability was determined in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the argument linked causes sql injection. The attack can be initiated remotely. The exploit has been publicly...
Malicious code in add-module-exports (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c839bfd4379fee1d18fbca3447b73a811fda655fedf4480f2593d5d75149a421 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-36095
Malicious code in add-module-exports npm...
Malicious Package
Overview add-module-exports is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-48773 Malicious code in add-module-exports (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c839bfd4379fee1d18fbca3447b73a811fda655fedf4480f2593d5d75149a421 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2020-28957
Multiple cross-site scripting XSS vulnerabilities in the Customer Add module of Foxlor v0.10.16 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields...
GHSA-CV24-VH45-4HJM Foxlor cross-site scripting (XSS) vulnerability
Multiple cross-site scripting XSS vulnerabilities in the Customer Add module of Foxlor v0.10.16 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields...
Cross site scripting
TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a cross-site scripting XSS vulnerability in the content parameter of the Rubric Block Add module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the rubric name value...