403 matches found
CVE-2018-10132
PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter...
MiniCMS authorization issue vulnerability
MiniCMS is a mini content management system designed for personal websites by the individual developer Dada (bg5sbk). An authorization issue vulnerability exists in MiniCMS 1.8 and earlier versions, which stems from incorrect operation of the file /minicms/mc-admin/post.php of the component Tras...
EUVD-2025-205636
NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php...
CVE-2025-15188
A vulnerability was determined in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/search-invoices.php. Executing a manipulation of the argument searchdata can lead to cross site scripting. The attack can be launched remotel...
PT-2025-53715
Name of the Vulnerable Software and Affected Versions: Campcodes Complete Online Beauty Parlor Management System version 1.0. Description: A flaw exists in Campcodes Complete Online Beauty Parlor Management System 1.0 that could allow for cross site scripting. The issue is located in the...
Complete Online Beauty Parlor Management System /bwdates-reports-details.php file cross-site scripting vulnerability
Complete Online Beauty Parlor Management System is an online beauty parlor management system. Complete Online Beauty Parlor Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter...
PT-2025-52450
Name of the Vulnerable Software and Affected Versions: Campcodes Supplier Management System version 1.0. Description: A flaw exists in Campcodes Supplier Management System that allows for remote code execution. The issue is located in the file /admin/add category.php. Manipulation of the...
Campcodes Advanced Voting Management System authorization issue vulnerability
CampCodes Advanced Voting Management System is an advanced voting management system from CampCodes Philippines. An authorization issue vulnerability exists in Campcodes Advanced Voting Management System version 1.0, which stems from improper handling of the parameter ID in the file...
PT-2025-51164
A vulnerability was found in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/update user.php of the component Update User Page. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The exploit has been mad...
CVE-2025-65472
A Cross-Site Request Forgery (CSRF) in the /admin/admin.inc.php component of EasyImages 2.0 v2.8.6 and below allows attackers to escalate privileges to Administrator via user interaction with a malicious web page...
CVE-2025-14519
A security flaw has been discovered in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. This issue affects some unknown processing of the file /admin/index.php/advtext/add of the component advtext Module. The manipulation results in cross site scripting. The attack can be executed...
CVE-2025-65473
An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name...
PT-2025-50613
Name of the Vulnerable Software and Affected Versions: baowzh hfly versions prior to 638ff9abe9078bc977c132b37acbe1900b63491c. Description: A security flaw exists due to cross site scripting in the processing of the /admin/index.php/advtext/add file within the advtext Module. The attack can be carri...
CVE-2025-14251
The CVE-2025-14251 entry concerns code-projects Online Ordering System v1.0. A SQL injection vulnerability exists in the Admin Login module, specifically via manipulation of the Username argument in the /admin/ path. The issue is exploitable remotely and is associated with the Admin Login compone...
code-projects Online Ordering System security vulnerability
Online Ordering System is an online ordering system. The Online Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Username in the file /admin/. An attacker can exploit this vulnerability t...
PT-2025-49563
Name of the Vulnerable Software and Affected Versions: code-projects Online Ordering System version 1.0. Description: A security issue exists in code-projects Online Ordering System 1.0. The vulnerability involves the manipulation of the Username argument, leading to SQL injection. This affects an...
CVE-2025-13622
The Jabbernotification plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATHINFO in all versions up to, and including, 0.99-RC2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...
CVE-2025-13623
The Twitscription plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATHINFO in all versions up to, and including, 0.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...