Lucene search
K

55 matches found

CNNVD
CNNVD
added 2020/12/25 12:0 a.m.8 views

Cxuucms 跨站请求伪造漏洞

CxuuCms is an easy-to-use, open source PHP+Mysql based content management system. CXUUCMS 3.1 suffers from a cross-site request forgery vulnerability. An attacker can add an administrator account via admin.php?c=adminuser&a=add to exploit this vulnerability...

6.5CVSS6.5AI score0.00434EPSS
Exploits1References2
Prion
Prion
added 2019/08/02 10:15 p.m.12 views

Cross site scripting

A reflected cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 when the feature that adds a secret key to the Admin URL is...

3.5CVSS4.8AI score0.00557EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2019/06/10 6:43 p.m.1 views

GHSA-7RP2-FM2H-WCHJ Django Cross-site Scripting in AdminURLFieldWidget

An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provid...

6.1CVSS6.9AI score0.02563EPSS
Exploits0References23
OSV
OSV
added 2019/06/03 5:29 p.m.4 views

PYSEC-2019-79

An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provid...

6.1CVSS6.9AI score0.02563EPSS
Exploits0References18
OSV
OSV
added 2019/04/20 3:29 p.m.5 views

CVE-2019-11374

74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI...

8.8CVSS7.3AI score0.09853EPSS
Exploits5References3
OSV
OSV
added 2019/01/13 3:29 p.m.4 views

CVE-2019-6249

An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=editinfo&acttype=add...

8.8CVSS5.8AI score0.02979EPSS
Exploits5References2
CNVD
CNVD
added 2018/06/28 12:0 a.m.4 views

WordPress Metronet Tag Manager Cross-Site Request Forgery Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.Metronet Tag Manager is used in one of the tracking code manager plugin. A cross-site request forgery vulnerabilit...

8.8CVSS8.7AI score0.00609EPSS
Exploits1References1
OSV
OSV
added 2018/04/22 1:29 a.m.6 views

CVE-2018-10266

BEESCMS 4.0 has a CSRF vulnerability to add an administrator account via the admin/adminadmin.php?nav=listadminuser&adminpnav=user URI...

8.8CVSS5.8AI score0.006EPSS
Exploits0References1
CNVD
CNVD
added 2018/04/17 12:0 a.m.5 views

PbootCMS Cross-Site Request Forgery Vulnerability

PbootCMS is an open source enterprise building content management system CMS developed using the PHP language. A cross-site request forgery vulnerability exists in PbootCMS version 0.9.8. A remote attacker can exploit this vulnerability by sending admin.php/Message/mod/id/19.html?backurl=/index.p...

8.8CVSS7.2AI score0.00523EPSS
Exploits1References1
Openbugbounty
Openbugbounty
added 2017/05/27 5:8 a.m.10 views

agentsproperty.in XSS vulnerability

Vulnerable URL: http://www.agentsproperty.in/admin/index.php?msg=1%22%27--!%3E%3CScript%20/K/%3Econfirm'OPENBUGBOUNTY'%3C/Script%20/K/%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa...

6.3AI score
Exploits0
Packet Storm
Packet Storm
added 2014/04/25 12:0 a.m.39 views

WordPress iMember360is 3.9.001 XSS / Disclosure / Code Execution

------------ BACKGROUND ------------ "iMember360is a WordPress plugin that will turn a normal WordPress site into a full featured membership site. It includes all the protection controls you can imagine, yet driven by Infusionsoft's second-to-none CRM and e-commerce engine." --...

0.3AI score
Exploits0
0day.today
0day.today
added 2013/08/18 12:0 a.m.21 views

WIWOS Enpowering Web Solutions SQL Injection Vulnerability

WIWOS Enpowering Web Solutions SQL Injection Vulnerability .:. Author : larcenciels .:. Contact : email protected | email protected .:. Site : http://winnerawan.com/ Dork: "Enpowered by: wiwos" dork: intext:"Enpowered by: wiwos" vuln: apps/ProductManager/ i use sqlmap poc:...

8AI score
Exploits0
Packet Storm
Packet Storm
added 2010/01/04 12:0 a.m.37 views

Smart Vision Script News SQL Injection Exploit

!usr/bin/perl Exploit Title: Smart Vision Script News newsdetail SQL Injection Exploit Date: 01-04-2010 Author: darkmasking This was written for educational purpose only. Use it at your own risk. Author will be not responsible for any damage! Vuln discovered by Err0R Smart Vision Script News...

0.7AI score
Exploits0
Prion
Prion
added 2007/02/06 2:28 a.m.15 views

Design/Logic Flaw

EQdkp 1.3.1 and earlier authenticates administrative requests by verifying that the HTTP Referer header specifies an admin/ URL, which allows remote attackers to read or modify account names and passwords via a spoofed Referer...

7.5CVSS7AI score0.02407EPSS
Exploits1References5Affected Software1
Atlassian
Atlassian
added 2005/10/01 5:56 p.m.31 views

NPE in SpaceHelper borks page....

If you have a url for Space admin : http://server.name.com/spaces/listdecorators.action?key=BP2I And you get the space key wrong, then rather than failing gracefully, you end up with an sitemesh decoration of an empty page.... Looking at the code, you can see why: public String getSpaceName retur...

7AI score
Exploits0Affected Software1
Rows per page
Query Builder