Lucene search
K

132 matches found

Positive Technologies
Positive Technologies
added 2023/10/18 12:0 a.m.3 views

PT-2023-29775 · Unknown · Thirty Bees Core

Name of the Vulnerable Software and Affected Versions: Thirty Bees Core version 1.4.0 Description: The issue is a reflected cross-site scripting XSS vulnerability. It allows attackers to execute arbitrary JavaScript in a user's web browser via a crafted payload. The vulnerability is exploited...

6.1CVSS6AI score0.00312EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/06/02 12:0 a.m.8 views

PT-2023-22794 · Yfcmf · Yfcmf

Name of the Vulnerable Software and Affected Versions: YFCMF versions up to 3.0.4 Description: A problematic issue affects the processing of the file app/admin/controller/Ajax.php. The manipulation of the controllername argument leads to path traversal, allowing an attacker to access files using...

9.8CVSS5AI score0.01208EPSS
Exploits1References6
CNNVD
CNNVD
added 2023/05/04 12:0 a.m.5 views

CLTPHP 代码问题漏洞

CLTPHP is an open source PHP content management system for efficient website building. A security vulnerability exists in CLTPHP 6.0 and earlier versions, which originates from an attacker being able to upload dangerous types of files without restriction via...

9.8CVSS8.4AI score0.00743EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/04/25 12:0 a.m.6 views

The vulnerability of the remote function (application\admin\controller\Upload.php) in the tpAdmin library allows a attacker to perform an SSRF attack.

The vulnerability of the remote function in the application\admin\controller\Upload.php file of the tpAdmin library is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack...

6.5CVSS6.2AI score0.00636EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2023/03/12 12:0 a.m.5 views

Online Ordering System 跨站脚本漏洞

Online Ordering System is a multi-store ordering system for janobe individual developers. It can be used for any small business. A cross-site scripting vulnerability exists in SourceCodester Gadget Works Online Ordering System version 1.0, which stems from a problem with the file...

4.8CVSS3.9AI score0.00604EPSS
Exploits1References4
OSV
OSV
added 2023/03/09 9:15 p.m.3 views

CVE-2023-26957

onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins...

9.1CVSS7.4AI score0.00606EPSS
Exploits1References1
NVD
NVD
added 2023/03/09 9:15 p.m.48 views

CVE-2023-26957

onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins...

9.1CVSS9.3AI score0.00606EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/12/12 12:0 a.m.2 views

SENS 跨站脚本漏洞

SENS is an enterprise blog system by saysky individual developer. A cross-site scripting vulnerability exists in SENS v1.0, which originates from a cross-site scripting attack XSS on com.liuyanzhao.sens.web.controller.admin, getRegister...

5.4CVSS5.3AI score0.00343EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/12/12 12:0 a.m.3 views

PT-2022-27637 · Sens · Sens

Name of the Vulnerable Software and Affected Versions: SENS version 1.0 Description: The issue is related to Cross Site Scripting XSS via the com.liuyanzhao.sens.web.controller.admin controller, specifically the getRegister function. This allows for potential malicious script execution...

5.4CVSS5.2AI score0.00343EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/11/17 12:0 a.m.15 views

PT-2022-26790 · Xxl-Job · Xxl-Job

Name of the Vulnerable Software and Affected Versions: XXL-Job versions prior to 2.3.1 Description: The issue is related to a Server-Side Request Forgery SSRF in the component /admin/controller/JobLogController.java. This allows for potential exploitation. Recommendations: For versions prior to...

8.8CVSS6.9AI score0.01602EPSS
Exploits1References10
OSV
OSV
added 2022/09/16 9:1 p.m.18 views

GHSA-QC43-PGWQ-3Q2Q Shopware access control list bypassed via crafted specific URLs

Impact If backend admin controllers are called with a certain notation, the ACL could be bypassed. Users could execute actions, which they are normally not able to do. Patches We recommend updating to the current version 5.7.15. You can get the update to 5.7.15 regularly via the Auto-Updater or...

6.3CVSS6.5AI score0.00613EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/04/05 6:15 p.m.2 views

CVE-2022-26630

Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \app.\admin\Controllers\db.php...

8.8CVSS7.3AI score0.00942EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/02/09 12:0 a.m.5 views

XpressEngine 跨站脚本漏洞

XpressEngine XE is a CMS Content Management System that allows anyone to publish content easily, conveniently and freely. With an open source license, anyone can use or modify it, and as an open project, anyone can participate in its development. XE suffers from a security vulnerability that stem...

5.4CVSS6AI score0.00569EPSS
Exploits1References2
OSV
OSV
added 2021/12/22 11:15 p.m.2 views

CVE-2020-20605

Blog CMS v1.0 contains a cross-site scripting XSS vulnerability in the /controller/CommentAdminController.java component...

6.1CVSS5.7AI score0.00652EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/11/02 12:0 a.m.3 views

xujinliang zibbs 跨站脚本漏洞

zibbs is a php light forum system developed on bootstrap. zibbs version 1.0 has a cross-site scripting vulnerability in application/controllers/AdminController.php. An attacker can exploit this vulnerability to execute arbitrary code via the bbsmeta parameter...

9.6CVSS5.8AI score0.01316EPSS
Exploits1References1
Exploit DB
Exploit DB
added 2021/04/21 12:0 a.m.323 views

GravCMS 1.10.7 - Unauthenticated Arbitrary File Write (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GravCMS Remote Command Execution', 'Description' = %q This module exploits arbitrary config write/update vulnerability to achieve remote code...

9.8CVSS7.4AI score0.80467EPSS
Exploits12
GitLab Advisory Database
GitLab Advisory Database
added 2020/11/13 12:0 a.m.26 views

SQL Injection

In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the 'table' parameter passed is not filtered so a malicious parameter can be passed for SQL injection...

7.2CVSS2.9AI score0.01028EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2019/04/01 4:29 p.m.5 views

CVE-2019-10684

Application/Admin/Controller/ConfigController.class.php in 74cms v5.0.1 allows remote attackers to execute arbitrary PHP code via the index.php?m=Admin&c=config&a=edit sitedomain parameter...

9.8CVSS7.6AI score0.02411EPSS
Exploits1References1
CVE
CVE
added 2019/01/04 2:0 p.m.47 views

CVE-2019-5310

YUNUCMS 1.1.8 is affected by a cross‑site scripting vulnerability in app/admin/controller/System.php. The issue allows crafted data to be written to the sys.php file, demonstrated by using site_title in an admin/system/basic POST request. This represents an XSS risk as described across multiple s...

6.1CVSS5.9AI score0.00675EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/11/30 12:0 a.m.2 views

SDCMS Directory Traversal Vulnerability

SDCMS is a PHP and MySQL based enterprise station building content management system CMS from China Fireworks Network Technology Company. A directory traversal vulnerability exists in the app/plug/attachment/controller/admincontroller.php page in SDCMS version 1.6. The vulnerability can be...

7.5CVSS7.5AI score0.02024EPSS
Exploits1References1
Rows per page
Query Builder