Easy Address Book Web Server Cross-Site Scripting Vulnerability
Easy Address Book Web Server is a piece of software. A cross-site scripting vulnerability exists in Easy Address Book Web Server version 1.6, which stems from a stored cross-site scripting (XSS) vulnerability in the usersadmin.ghp file...
PT-2023-32014 · Ecshop · Ecshop
Name of the Vulnerable Software and Affected Versions: ECshop version 4.1.5 Description: A critical issue was found in the file /admin/leancloud.php, where the manipulation of the id argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For ECshop version 4.1.5,...
CVE-2023-43234
DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/filemanagecontrol.php via the $activepath and $filename parameters...
DedeBIZ Security Vulnerability
DedeBIZ is a content management system from China Muyun Intelligent Technology DedeBIZ company. A code execution vulnerability exists in DedeBIZ version v6.2.11, which stems from the $activepath and $filename parameters in /admin/filemanagecontrol.php failing to correctly filter the special...
PT-2023-28740 · Dedebiz · Dedebiz
Name of the Vulnerable Software and Affected Versions: DedeBIZ version 6.2.11 Description: The issue concerns multiple remote code execution (RCE) vulnerabilities. These vulnerabilities are located at the "/admin/file manage control.php" API endpoint via the $activepath and $filename parameters...
CVE-2023-28483
An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL querie...
Contest Management System Log Information Disclosure Vulnerability
Contest Management System is an open source contest management system from CMS development group. A security vulnerability exists in Contest Management System v1.4.rc1, which stems from a plaintext password in AddAdmin.py that allows an attacker to obtain sensitive information through audit logs...
PT-2023-26587 · Unknown · Campcodes Beauty Salon Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Beauty Salon Management System version 1.0 Description: A critical issue was found in the system, affecting some unknown functionality of the file /admin/search-appointment.php. The manipulation of the searchdata argument leads to s...
PT-2023-26398 · Dedebiz · Dedebiz
Name of the Vulnerable Software and Affected Versions: DedeBIZ version 6.2.10 Description: A problematic issue has been found in DedeBIZ, affecting some unknown functionality of the file /admin/sys sql query.php. The manipulation of the sqlquery argument leads to SQL injection. The attack can be...
Campcodes Retro Cellphone Online Store Cross-Site Scripting Vulnerability
Campcodes Retro Cellphone Online Store is a retro cellphone online store by Campcodes. A cross-site scripting vulnerability exists in Campcodes Retro Cellphone Online Store version 1.0, which stems from the un parameter in the file /admin/addusermodal.php and can lead to cross-site scripting...
PT-2023-24600 · Unknown · Campcodes Retro Cellphone Online Store
Name of the Vulnerable Software and Affected Versions: Campcodes Retro Cellphone Online Store version 1.0 Description: A critical issue has been found in the software, affecting an unknown functionality of the file /admin/index.php. The manipulation of the username and password arguments leads to...
CVE-2023-3320
The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the /admin/views/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and injec...
WordPress plugin favicon-by-realfavicongenerator Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
PT-2023-22553 · Unknown · Beipyvideoresolution
Name of the Vulnerable Software and Affected Versions: BeipyVideoResolution versions up to 2.6 Description: A problematic vulnerability was found in BeipyVideoResolution, affecting an unknown function of the file admin/admincore.php. The manipulation leads to cross-site scripting and can be...
CVE-2023-2773
A vulnerability has been found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file viewadmin.php. The manipulation of the argument adminid leads to SQL injection. The attack can be launched...
PT-2023-20842 · Sourcecodester · Sourcecodester Personnel Property Equipment System
Name of the Vulnerable Software and Affected Versions: SourceCodester Personnel Property Equipment System version 1.0 Description: A problematic vulnerability was found in the SourceCodester Personnel Property Equipment System. The issue affects an unknown function of the file admin/add item.php,...
WordPress Plugin Icons for Features Input Validation Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. An input validation error vulnerability...