57 matches found
Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-17217)
Chadha PHPKB is a knowledge base software that keeps information organized, accessible and manageable for internal teams and external clients. A reflected cross-site scripting vulnerability exists in admin/import-csv.php in Chadha PHPKB Standard Multilingual Version 9. The vulnerability stems fro...
CVE-2020-10413
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-html.php by adding a question mark (?) followed by the payload...
CVE-2020-10412
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-csv.php by adding a question mark (?) followed by the payload...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-html.php by adding a question mark (?) followed by the payload...
PRODSECBUG-2462: Remote code execution via file upload in admin import feature
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2349: Arbitrary code execution via file upload in admin import feature
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
Design/Logic Flaw
DISPUTED There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import customtype. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage o...
CVE-2018-16258
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import customtype. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a...
PT-2019-9290 · WordPress · Wp All Import
Name of the Vulnerable Software and Affected Versions: WP All Import plugin version 3.4.9. Description: The issue concerns an XSS vulnerability via the pmxi-admin-import custom type. It is noted that the vendor disputes this being a vulnerability, citing that WP All Import can only be used by a...
Remote Code Execution (RCE)
yoast/wordpress-seo is vulnerable to remote code execution. An SEO Manager is able to execute arbitrary OS commands via a ZIP import through a race condition vulnerability in unzipfile in admin/import/class-import-settings.php...
WordPress Yoast SEO Plugin Competitive Conditions Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports setting up a personal blog site on PHP and MySQL servers. The Yoast SEO (wordpress-seo) plugin is a search engine optimization plugin for it. A race conditio...
CVE-2018-19197
An issue was discovered in XiaoCms 20141229. admin\controller\database.php allows arbitrary directory deletion via admin/index.php?c=database&a=import&paths=../ directory traversal...
CMS Made Simple Remote Code Execution Vulnerability (CNVD-2018-08983)
CMS Made Simple (CMSMS) is an open source content management system (CMS) developed by the CMSMS team. The system supports a role-based rights management system, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. A remote code execution vulnerability exists in th...
DEBIAN-CVE-2007-1732
Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third...