Lucene search
+L

172 matches found

CNVD
CNVD
added 2021/12/14 12:0 a.m.38 views

Pluck code issue vulnerability (CNVD-2021-100243)

Pluck is a content management system CMS developed using the PHP language. a code issue vulnerability exists in Pluck, which originates from the product's admin backend page that does not validate file content. An attacker could execute malicious commands through this vulnerability...

8.1CVSS3AI score0.02529EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/12/10 12:0 a.m.7 views

Pluck 代码问题漏洞

Pluck is a content management system CMS developed using the PHP language. a code issue vulnerability exists in Pluck, which originates from the product's admin backend page that does not validate file content. An attacker could execute malicious commands through this vulnerability...

8.1CVSS5.8AI score0.02529EPSS
Exploits1References1
Prion
Prion
added 2021/07/14 3:15 p.m.11 views

Input validation

The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed...

6.8CVSS7.7AI score0.00898EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/05/13 12:0 a.m.9 views

Piwigo SQL注入漏洞

Piwigo is a free and open source web photo album software. A SQL injection vulnerability exists in the order0dir parameter in admin/userlistbackend.php in Piwigo version 11.4.0. An attacker can exploit this vulnerability to obtain sensitive database information...

9.8CVSS5.9AI score0.02146EPSS
Exploits1References3
CNVD
CNVD
added 2021/02/26 12:0 a.m.5 views

File Upload Vulnerability in OurPHP Admin Backend

OurPHP is a PHP MySQL-based development of W3C-compliant site-building system. A file upload vulnerability exists in the administrative backend of OurPHP, which allows attackers to gain control of the web server...

7.5AI score
Exploits0
CNVD
CNVD
added 2020/11/09 12:0 a.m.1 views

Command Execution Vulnerability in WeCenter Admin Backend

WeCenter Social Knowledge Quiz System is a php quiz system developed with PHP+MySQL. A command execution vulnerability exists in the WeCenter administration backend. An attacker can exploit this vulnerability to gain control of the server...

7.3AI score
Exploits0
CNVD
CNVD
added 2020/08/11 12:0 a.m.1 views

File Upload Vulnerability in WeCenter 3.6.0 Admin Backend

WeCenter is an open source knowledge-based social Q&A community program. A file upload vulnerability exists in the WeCenter 3.6.0 administration background, which can be exploited by an attacker to upload a webshell and gain server privileges...

7.2AI score
Exploits0
OSV
OSV
added 2020/05/12 6:15 p.m.5 views

CVE-2020-6249

The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAPBSFND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection...

8.8CVSS7.2AI score0.00981EPSS
Exploits0References2
NVD
NVD
added 2020/05/12 6:15 p.m.18 views

CVE-2020-6249

The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAPBSFND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection...

8.8CVSS8.2AI score0.00981EPSS
Exploits0References2
Prion
Prion
added 2020/05/12 6:15 p.m.18 views

Sql injection

The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAPBSFND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection...

6.5CVSS8.8AI score0.00981EPSS
Exploits0References2Affected Software3
Cvelist
Cvelist
added 2020/05/12 5:48 p.m.22 views

CVE-2020-6249

The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAPBSFND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection...

7.7CVSS8.9AI score0.00981EPSS
Exploits0References2
CVE
CVE
added 2020/05/12 5:48 p.m.68 views

CVE-2020-6249

The CVE-2020-6249 entry describes a SQL injection vulnerability in SAP Master Data Governance (MDG) where the admin backend report enables an attacker to craft database queries that expose the backend database. Affected components include MDG in SAP S4CORE 101, S4FND 102–104, SAP_BS_FND 748. The ...

8.8CVSS8.8AI score0.00981EPSS
Exploits0References2Affected Software3
Veracode
Veracode
added 2020/04/30 2:24 a.m.39 views

Privilege Escalation

gvfs is vulnerable to privilege escalation. A race condition in daemon/gvfsbackendadmin.c allows escalation of privileges due to admin backend not implementing queryinfoonread/write...

8.1CVSS4.5AI score0.01749EPSS
Exploits0References11Affected Software28
RedHat Linux
RedHat Linux
added 2020/04/28 3:44 p.m.6 views

gvfs: race condition in daemon/gvfsbackendadmin.c due to admin backend not implementing query_info_on_read/write

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement queryinfoonread/write...

8.1CVSS5.8AI score0.01749EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/04/28 3:44 p.m.6 views

gvfs: mishandling of file's user and group ownership in daemon/gvfsbackendadmin.c due to unavailability of root privileges

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move and copy with GFILECOPYALLMETADATA operations from admin:// to file:// URIs, because root privileges are unavailable...

5.7CVSS5.8AI score0.0184EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/04/28 3:44 p.m.7 views

gvfs: mishandling of file ownership in daemon/gvfsbackendadmin.c

It was discovered that gvfs incorrectly set the ownership of files handled by the admin:// backend. An attacker could abuse this flaw when the destination file of a copy/move operation is handled by the admin:// backend. The attacker would have access to the target files with the ability to read...

7.3CVSS5.8AI score0.01832EPSS
Exploits0References4
CNVD
CNVD
added 2020/04/01 12:0 a.m.3 views

SQL Injection Vulnerability in Baishuo Networks CMS Admin Backend Login

Baishuo web cms management system is a content management system for text processing, image processing, flash animation, sound and video streaming, images and even email archives. A SQL injection vulnerability exists in the backend login of Bystronic's cms management system, which can be exploite...

7.7AI score
Exploits0
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.24 views

Huawei EulerOS: Security Advisory for gvfs (EulerOS-SA-2019-1968)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.8AI score0.0184EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/12/31 12:0 a.m.31 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : gvfs Vulnerability (NS-SA-2019-0238)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has gvfs packages installed that are affected by a vulnerability: - An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users...

7CVSS7.1AI score0.00368EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/11/12 12:0 a.m.29 views

EulerOS 2.0 SP5 : gvfs (EulerOS-SA-2019-2156)

According to the version of the gvfs packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileg...

7CVSS7.1AI score0.00368EPSS
Exploits0References2
Rows per page
Query Builder