Exploit for Cross-site Scripting in Beetel 777Vr1_Firmware
CVE-2020-25498: Stored XSS via CSRF in Beetel 777VR1 Router...
Code injection
admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality...
Hostel Management System 2.1 Cross Site Scripting
Exploit Title: PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, City Google Dork: N/A Date: 2020-10-08 Exploit Author: Kokn3t Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/hostel-management-syste...
Hostel Management System 2.1 - Cross Site Scripting (Multiple Fields)
Exploit Title: PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, City Google Dork: N/A Date: 2020-10-08 Exploit Author: Kokn3t Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/hostel-management-syste...
CVE-2020-22842
CMS Made Simple before 2.2.15 allows XSS via the m1mod parameter in a ModuleManager localuninstall action to admin/moduleinterface.php...
CVE-2020-25088
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/blog/blogpublish.php...
Microweber Code Issue Vulnerability
Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A code issue vulnerability exists in admin/view:modules/loadmodule:usersedit-user=1 in...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/add-article.php by adding a question mark ? followed by the payload...
CVE-2019-17299
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by an Admin user...
CVE-2019-17315
SugarCRM is affected by a PHP object injection in the Administration module. The vulnerability exists in SugarCRM versions prior to 8.0.4 and 9.x prior to 9.0.2, exploitable by an Admin user without required complex interactions. Root cause is inadequate validation in the Administration module th...
CVE-2019-10687
KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entryid0 parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id= request...
Sql injection
KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entryid0 parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id= request...
CVE-2018-18772
CentOS-WebPanel.com aka CWP CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=sendssh, as demonstrated by executing an arbitrary OS command...
Design/Logic Flaw
CentOS-WebPanel.com aka CWP CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter...
Cross site request forgery (csrf)
CentOS-WebPanel.com aka CWP CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password...
Ladder CMS Cross-Site Scripting Vulnerability
Tianti tianti is a free lightweight CMS system written in Java that currently provides a total solution from back-end management to front-end display. A cross-site scripting vulnerability exists in the user management module in tianti 2.3, which can be exploited by an attacker via the...
Aplaya Beach Resort Online Reservation System 1.0 - SQL Injection / Cross-Site Request Forgery
Exploit for php platform in category web applications Exploit Title: Aplaya Beach Resort Online Reservation System 1.0 - Multiple Vulnerabilities Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link:...
SIM-PKH 2.4.1 SQL Injection
Exploit Title: SIM-PKH 2.4.1 - 'id' SQL Injection Dork: N/A Date: 2018-10-22 Exploit Author: Ihsan Sencan Vendor Homepage: https://simpkh.sourceforge.io/ Software Link: https://sourceforge.net/projects/simpkh/files/latest/download Version: 2.4.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...
DESTOON B2B Cross-Site Scripting Vulnerability (CNVD-2018-21499)
DESTOON B2B is an open source B2B e-commerce website management system based on PHP and MySQL. A cross-site scripting vulnerability exists in DESTOON B2B version 7.0. Remote attackers can use the admin.php?moduleid=2&action=add URI text box to inject arbitrary Web script or HTML...
CVE-2018-18485
An issue was discovered in PHPSHE 1.7. admin.php?mod=db&act=del allows remote attackers to delete arbitrary files via directory traversal sequences in the dbname parameter. This can be leveraged to reload the product by deleting install.lock...