46 matches found
Millhouse-Project SQL注入漏洞
Millhouse-Project is a blog page for the individual developer Thérèse Scott Rossi. A security vulnerability exists in Millhouse-Project version 1.414, which stems from a Remote Code Execution RCE vulnerability in component/addpostsql.php...
SUSE CVE-2014-3622
Use-after-free vulnerability in the addpostvar function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value...
AeroCMS 跨站脚本漏洞
AeroCMS is a content management system from the American company AeroCMS. AeroCMS version v0.0.1 contains a security vulnerability that originates from the inclusion of cross-site scripting XSS via addpost.php, which allows an attacker to execute arbitrary web script or HTML via a crafted payload...
CVE-2022-1913
The Add Post URL WordPress plugin through 2.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...
CVE-2022-30813
elitecms 1.01 is vulnerable to SQL Injection via /admin/addpost.php...
CVE-2022-30813
elitecms 1.01 is vulnerable to SQL Injection via /admin/addpost.php...
elitecms SQL注入漏洞
Elitecms is a Web content management from elitecms India. elitecms version 1.01 has a SQL injection vulnerability that originates from the lack of validation of external input SQL statements on the /admin/addpost.php page, which can be exploited by attackers to execute illegal SQL commands to ste...
Add Post URL <= 2.1.0 - Arbitrary Settings Update to Stored XSS via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping " document.getElementById"test".submit; XSS will be...
The vulnerability of the `add_post_var` function in the PHP programming language allows attackers to execute arbitrary PHP code.
The vulnerability of the addpostvar function in the PHP programming language is related to the use of memory after it is freed. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary PHP code...
CVE-2022-27348
Social Codia SMS v1 was discovered to contain a stored cross-site scripting XSS vulnerability via addpost.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field...
CVE-2021-46458
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=addpost. This vulnerability can be exploited through a crafted POST request via the posttitle parameter...
CVE-2021-25203
Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\adminaddpost.php...
WordPress Popup Builder 3.49 Cross Site Scripting
Exploit Title: Wordpress Popup Builder 3.49 - Persistent Cross-Site Scripting Google Dork: inurl:"\wp-content\plugins\popupbuilder" Date: 2019-06-13 Exploit Author: Unk9vvN Vendor Homepage: https://popup-builder.com/ Software Link: https://wordpress.org/plugins/popup-builder/ Version: 3.49 Tested...
WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting
Exploit Title: Wordpress Popup Builder 3.49 - Persistent Cross-Site Scripting Google Dork: inurl:"\wp-content\plugins\popupbuilder" Date: 2019-06-13 Exploit Author: Unk9vvN Vendor Homepage: https://popup-builder.com/ Software Link: https://wordpress.org/plugins/popup-builder/ Version: 3.49 Tested...
OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery
OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery Exploit Title: OOP CMS BLOG 1.0 - Cross-Site Request Forgery Delete Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: March 1, 2019 Vendor Homepage: http://zsoft.com.bd/ Software Link :...
OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery
Exploit Title: OOP CMS BLOG 1.0 - Cross-Site Request Forgery Delete Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: March 1, 2019 Vendor Homepage: http://zsoft.com.bd/ Software Link :...
OOP CMS BLOG 1.0 Cross Site Request Forgery / SQL Injection Vulnerabilities
Exploit for php platform in category web applications Exploit Title: OOP CMS BLOG 1.0 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Vendor Homepage: http://zsoft.com.bd/ Software Link :...
OOP CMS BLOG 1.0 Cross Site Request Forgery / SQL Injection
Exploit Title: OOP CMS BLOG 1.0 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: March 1, 2019 Vendor Homepage: http://zsoft.com.bd/ Software Link : https://datapacket.dl.sourceforge.net/project/php-oop-cms-blog/blogforup.zip Tested Version: 1.0...
WTCMS Cross-Site Request Forgery Vulnerability
WTCMS is a content management system CMS based on Thinkphp. A cross-site request forgery vulnerability exists in WTCMS version 1.0. A remote attacker can exploit this vulnerability to add an administrator account with the help of the index.php?admin&m=user&a=addpost URI...
CVE-2018-7733
An issue was discovered in YxtCMF 3.1. RbacController.class.php has CSRF, as demonstrated by modifying an administrator account via index.php/admin/user/addpost.html...