Lucene search
K

46 matches found

CNNVD
CNNVD
added 2023/07/20 12:0 a.m.3 views

Millhouse-Project SQL注入漏洞

Millhouse-Project is a blog page for the individual developer Thérèse Scott Rossi. A security vulnerability exists in Millhouse-Project version 1.414, which stems from a Remote Code Execution RCE vulnerability in component/addpostsql.php...

9.8CVSS8.6AI score0.01663EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:28 a.m.6 views

SUSE CVE-2014-3622

Use-after-free vulnerability in the addpostvar function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value...

9.8CVSS8.1AI score0.03121EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/12/13 12:0 a.m.3 views

AeroCMS 跨站脚本漏洞

AeroCMS is a content management system from the American company AeroCMS. AeroCMS version v0.0.1 contains a security vulnerability that originates from the inclusion of cross-site scripting XSS via addpost.php, which allows an attacker to execute arbitrary web script or HTML via a crafted payload...

4.8CVSS5.2AI score0.00457EPSS
Exploits1References3
OSV
OSV
added 2022/06/27 9:15 a.m.2 views

CVE-2022-1913

The Add Post URL WordPress plugin through 2.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...

4.3CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2022/06/02 2:15 p.m.4 views

CVE-2022-30813

elitecms 1.01 is vulnerable to SQL Injection via /admin/addpost.php...

9.8CVSS5.8AI score0.01081EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/06/02 2:15 p.m.4 views

CVE-2022-30813

elitecms 1.01 is vulnerable to SQL Injection via /admin/addpost.php...

9.8CVSS5.9AI score0.01081EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.5 views

elitecms SQL注入漏洞

Elitecms is a Web content management from elitecms India. elitecms version 1.01 has a SQL injection vulnerability that originates from the lack of validation of external input SQL statements on the /admin/addpost.php page, which can be exploited by attackers to execute illegal SQL commands to ste...

9.8CVSS6.1AI score0.01081EPSS
Exploits1References2
wpexploit
wpexploit
added 2022/06/01 12:0 a.m.167 views

Add Post URL <= 2.1.0 - Arbitrary Settings Update to Stored XSS via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping " document.getElementById"test".submit; XSS will be...

4.3CVSS0.5AI score0.00412EPSS
Exploits2
BDU FSTEC
BDU FSTEC
added 2022/04/27 12:0 a.m.6 views

The vulnerability of the `add_post_var` function in the PHP programming language allows attackers to execute arbitrary PHP code.

The vulnerability of the addpostvar function in the PHP programming language is related to the use of memory after it is freed. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary PHP code...

9.8CVSS8.1AI score0.03121EPSS
Exploits1References4Affected Software2
OSV
OSV
added 2022/04/08 9:15 a.m.4 views

CVE-2022-27348

Social Codia SMS v1 was discovered to contain a stored cross-site scripting XSS vulnerability via addpost.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field...

4.8CVSS5.9AI score0.01082EPSS
Exploits3References3
OSV
OSV
added 2022/01/31 4:15 p.m.4 views

CVE-2021-46458

Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=addpost. This vulnerability can be exploited through a crafted POST request via the posttitle parameter...

7.5CVSS7.1AI score0.0137EPSS
Exploits1References2
OSV
OSV
added 2021/07/23 2:15 p.m.5 views

CVE-2021-25203

Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\adminaddpost.php...

9.8CVSS6AI score0.01874EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2019/10/17 12:0 a.m.234 views

WordPress Popup Builder 3.49 Cross Site Scripting

Exploit Title: Wordpress Popup Builder 3.49 - Persistent Cross-Site Scripting Google Dork: inurl:"\wp-content\plugins\popupbuilder" Date: 2019-06-13 Exploit Author: Unk9vvN Vendor Homepage: https://popup-builder.com/ Software Link: https://wordpress.org/plugins/popup-builder/ Version: 3.49 Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/17 12:0 a.m.358 views

WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting

Exploit Title: Wordpress Popup Builder 3.49 - Persistent Cross-Site Scripting Google Dork: inurl:"\wp-content\plugins\popupbuilder" Date: 2019-06-13 Exploit Author: Unk9vvN Vendor Homepage: https://popup-builder.com/ Software Link: https://wordpress.org/plugins/popup-builder/ Version: 3.49 Tested...

7AI score
Exploits0
exploitpack
exploitpack
added 2019/03/04 12:0 a.m.22 views

OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery

OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery Exploit Title: OOP CMS BLOG 1.0 - Cross-Site Request Forgery Delete Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: March 1, 2019 Vendor Homepage: http://zsoft.com.bd/ Software Link :...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2019/03/04 12:0 a.m.80 views

OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery

Exploit Title: OOP CMS BLOG 1.0 - Cross-Site Request Forgery Delete Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: March 1, 2019 Vendor Homepage: http://zsoft.com.bd/ Software Link :...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/03/02 12:0 a.m.37 views

OOP CMS BLOG 1.0 Cross Site Request Forgery / SQL Injection Vulnerabilities

Exploit for php platform in category web applications Exploit Title: OOP CMS BLOG 1.0 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Vendor Homepage: http://zsoft.com.bd/ Software Link :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2019/03/01 12:0 a.m.130 views

OOP CMS BLOG 1.0 Cross Site Request Forgery / SQL Injection

Exploit Title: OOP CMS BLOG 1.0 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: March 1, 2019 Vendor Homepage: http://zsoft.com.bd/ Software Link : https://datapacket.dl.sourceforge.net/project/php-oop-cms-blog/blogforup.zip Tested Version: 1.0...

0.2AI score
Exploits0
CNVD
CNVD
added 2018/04/24 12:0 a.m.6 views

WTCMS Cross-Site Request Forgery Vulnerability

WTCMS is a content management system CMS based on Thinkphp. A cross-site request forgery vulnerability exists in WTCMS version 1.0. A remote attacker can exploit this vulnerability to add an administrator account with the help of the index.php?admin&m=user&a=addpost URI...

8.8CVSS6.9AI score0.00538EPSS
Exploits1References1
OSV
OSV
added 2018/03/06 6:29 p.m.4 views

CVE-2018-7733

An issue was discovered in YxtCMF 3.1. RbacController.class.php has CSRF, as demonstrated by modifying an administrator account via index.php/admin/user/addpost.html...

8.8CVSS5.8AI score0.00494EPSS
Exploits1References1
Rows per page
Query Builder