411 matches found
WordPress plugin cross-site scripting vulnerability
WordPress is a blogging platform developed in PHP. The WordPress plugin WP YouTube Live, version 1.7.21 and earlier, contains a cross-site scripting vulnerability, which stems from the plugin being vulnerable to a reflected cross-site scripting attack via POST data in the...
PT-2022-13747 · Sap · Sap Information System
Name of the Vulnerable Software and Affected Versions: SAP Information System version 1.0 Description: A critical issue was found, allowing an unauthenticated attacker to create a new admin account for the web application with a simple POST request to the "add admin.php" file, located at the "/SA...
Aseco Lietuva document management system DVS Avilys log information disclosure vulnerability
Aseco Lietuva document management system DVS Avilys is a document and process management system from Aseco Poland. A log message disclosure vulnerability exists in Aseco Lietuva document management system DVS Avilys versions prior to 2022-03-10, which stems from the reporting module allowing...
CVE-2021-44673
A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script...
Remote code execution
A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script...
Croogo code issue vulnerability
Croogo is a content management system (CMS) built on the CakePHP framework. It provides content types that can be customized as Blog, Node, or Page, content editing with a WYSIWYG editor, and other features. A security vulnerability exists in Croogo 3.0.2, which can be exploited to allow...
WordPress Orange Form Plugin SQL Injection Vulnerability
WordPress is the WordPress Foundation's blogging platform, developed in PHP. A SQL injection vulnerability exists in the WordPress Orange Form Plugin 1.0 and earlier versions, which originates in the product admin/orange-form-email.php file in the processbulkaction functi...
CVE-2022-24253
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet...
CVE-2022-25104
HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via the component /admin/file-manager/...
HorizontCMS security vulnerability
HorizontCMS is a customer relationship management web platform for individual developers. A security vulnerability exists in HorizontCMS, which was discovered to contain an arbitrary file download vulnerability via the /admin/file-manager/ component...
CVE-2022-24982
Forms generated by JQueryForm.com before 2022-02-05 allow a remote authenticated attacker to access the cleartext credentials of all other form users. admin.php contains a hidden base64-encoded string with these credentials...
CVE-2022-24677
Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php...
CVE-2022-23316
An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt...
WordPress plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's blogging platform, developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. The WordPress Plugin suffers from a cross-sit...
WordPress InviteBox Plugin <= 1.4.1 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the message parameter found in the /admin/admin.php file which allows attackers to inject arbitrary web scripts...
DEBIAN-CVE-2020-23226
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Cacti 1.2.12 in (1) reportsadmin.php, (2) dataqueries.php, (3) datainput.php, (4) graphtemplates.php, (5) graphs.php, (6) reportsadmin.php, and (7) datainput.php...
CVE-2021-34651
The Scribble Maps WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the map parameter in the /includes/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2...