234 matches found
CVE-2022-46102
AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/admin/fstdown.inc.php...
CVE-2025-3444
Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin module, where help card content is loaded...
ZOHO ManageEngine ServiceDesk Plus security vulnerability
ZOHO ManageEngine ServiceDesk Plus is a set of IT service management software based on ITIL architecture from ZOHO. The software integrates Incident Management, Problem Management, Asset Management, IT Project Management, Procurement and Contract Management modules. A security vulnerability exists...
PT-2025-22455 · Zohocorp · Manageengine Servicedesk Plus +1
Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 Description: The issue concerns an authenticated Local File Inclusion (LFI) in the Admin module of the software, specifically where help card content is...
CVE-2025-45820
Slims Senayan Library Management Systems 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/bibliography/popauthoredit.php...
CVE-2024-25602
Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject...
Maid Hiring Management System search-booking-request.php file cross-site scripting vulnerability
Maid Hiring Management System is a maid hiring management system. Maid Hiring Management System suffers from a cross-site scripting vulnerability that stems from the lack of adequate validation and filtering of searchdata parameter inputs in the file /admin/search-booking-request.php. No details ...
CVE-2024-54933
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deletecontent.php...
Tmall_demo SQL injection vulnerability
Tmalldemo is a Spring Boot-based mini Tmall by the Xianqi Mall projectteam team. A SQL injection vulnerability exists in Tmalldemo 20240901 and earlier versions, which stems from the improper handling of the orderBy parameter in the orderMapper.select function in the tmall/admin/order/1/1 file...
PayPal,Credit Card and Debit Card Payment SQL injection vulnerability
PayPal,Credit Card and Debit Card Payment is a PayPal, Credit Card and Debit Card Payment software by janobe individual developer. A SQL injection vulnerability exists in PayPal,Credit Card and Debit Card Payment version 1.0. An attacker can use this vulnerability to send a specially crafted quer...
PT-2024-40406 · Unknown · Simplesamlphp
Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp versions 1.17 up to 1.17.7 Description: The issue concerns an endpoint in the admin module of SimpleSAMLphp that exposes the output of the phpinfo PHP function, allowing any individual to access it without authenticating and...
Aplaya Beach Resort Online Reservation System SQL injection vulnerability
Aplaya Beach Resort Online Reservation System is the online room reservation system of Aplaya Beach Resort. SourceCodester Aplaya Beach Resort Online Reservation System version 1.0 has a SQL injection vulnerability that originates from a SQL injection in the id parameter of the...
Aplaya Beach Resort Online Reservation System SQL injection vulnerability
Aplaya Beach Resort Online Reservation System is the online room reservation system of Aplaya Beach Resort. SourceCodester Aplaya Beach Resort Online Reservation System version 1.0 has a SQL injection vulnerability that originates from a SQL injection in the categ/end parameter of the...
Liferay Portal 7.4.x < 7.4.3.4 Multiple Vulnerabilities
The version of Liferay Portal installed on the remote host is prior to 7.4.3.4. It is, therefore, affected by multiple vulnerabilities as referenced in the advisory. - The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pac...
Cross Site Scripting
Liferay Portal is vulnerable to Cross Site Scripting. The vulnerability is present in the Users Admin module's edit user page. The vulnerability is due to insufficient sanitization of user input in the "Name" text field, allowing remote authenticated users to inject arbitrary web script or HTML v...
Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting
Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject...
Fancy Product Designer < 6.1.5 - Admin+ SQL Injection
Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by administrators. PoC - Log in as an administrator, and visit /wp-admin/. - Add a Catalog Product in /wp-admin/admin.php?page=fancyproductdesigner -...
Better Follow Button for Jetpack <= 8.0 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Navigate to:...
CVE-2023-7226
A vulnerability was found in meetyoucrop big-whale 1.1 and classified as critical. Affected by this issue is some unknown functionality of the file /auth/user/all.api of the component Admin Module. The manipulation of the argument id leads to improper ownership management. The attack may be...
Design/Logic Flaw
A vulnerability was found in meetyoucrop big-whale 1.1 and classified as critical. Affected by this issue is some unknown functionality of the file /auth/user/all.api of the component Admin Module. The manipulation of the argument id leads to improper ownership management. The attack may be...