276 matches found
vBulletin Cross-Site Scripting Vulnerability (CNVD-2020-50940)
vBulletin is a suite of forum programs that can be customized to suit your needs. A cross-site scripting vulnerability exists in the Admin CP in vBulletin 5.6.3. The vulnerability can be exploited by an attacker to conduct a cross-site scripting attack via the Smilie title of Smilies Manager...
vBulletin Cross-Site Scripting Vulnerability (CNVD-2020-50939)
vBulletin is a suite of forum programs that can be customized to suit your needs. A cross-site scripting vulnerability exists in the Admin CP of vBulletin 5.6.3. The vulnerability can be exploited to conduct cross-site scripting attacks via the "Pay to subscribe to email notifications" field in t...
vBulletin Cross-Site Scripting Vulnerability (CNVD-2020-50938)
vBulletin is a suite of forum programs that can be customized to suit your needs. A cross-site scripting vulnerability exists in the Admin CP in vBulletin 5.6.3. The vulnerability can be exploited to conduct cross-site scripting attacks via the admincp/search.php?do=dosearch URI...
vBulletin Cross-Site Scripting Vulnerability (CNVD-2020-50935)
vBulletin is a suite of forum programs that can be customized to suit your needs. A cross-site scripting vulnerability exists in the Admin CP in vBulletin 5.6.3. The vulnerability can be exploited by an attacker to conduct a cross-site scripting attack via the Junior Member Title in the User Titl...
CVE-2020-25124
The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI...
CVE-2020-25124
The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI...
CVE-2020-25120
The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI...
CVE-2020-25122
The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager...
CVE-2020-25118
The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager...
CVE-2020-25117
The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager...
Design/Logic Flaw
The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI...
CVE-2020-17451
flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 pagelinkname, pagetitle, pagecontent, or pageextracontent parameter, or the acp/acp.php?tn=system&sub=syspref prefspagename, prefspagetitle, or prefspagesubtitle parameter...
DesignMasterEvents CMS 1.0 SQL Injection / Cross Site Scripting
Exploit Title: DesignMasterEvents Conference management CMS SQL Injection Auth Bypass & XSS Vulnerability Google Dork: intext:"by :Design Master Events" Date: 2020-03-28 Exploit Author: @ThelastVvV Vendor Homepage: http://www.designmasterevents.com Version: 1.0 Tested on: Ubuntu...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-articles.php by adding a question mark ? followed by the payload...
Cross site request forgery (csrf)
An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF...
CVE-2019-14976
iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter...
Design/Logic Flaw
The database backup feature in upload/source/admincp/admincpdb.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code...
CVE-2018-14729
The database backup feature in upload/source/admincp/admincpdb.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code...
CVE-2019-11426
An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter...
idreamsoft iCMS Directory Traversal Vulnerability (CNVD-2019-12122)
iCMS is an efficient and simple content management system built with PHP and MySQL. A directory traversal vulnerability exists in admincp.php?app=apps&do=save in idreamsoft iCMS 7.0.13, which can be exploited to delete arbitrary folders with the help of the 'app=' parameter and uninstall requests...