
140 matches found

CNNVD
added 2024/04/03 12:0 a.m. · 4 views

Internship Portal Management System SQL injection vulnerability

Internship Portal Management System is an internship portal management system by the individual developer ChatikoboL. A SQL injection vulnerability exists in Internship Portal Management System version 1.0, which originates from a SQL injection vulnerability in the username/password parameter of...

CVSS 9.8 · AI score 7 · EPSS 0.00766
Exploits: 1 · References: 5

OSV
added 2024/01/29 8:15 p.m. · 4 views

CVE-2024-1018

A vulnerability classified as problematic has been found in PbootCMS 3.2.5-20230421. Affected is an unknown function of the file /admin.php?p=/Area/indextab=t2. The manipulation of the argument name leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been...

CVSS 6.1 · AI score 3.5
Exploits: 0 · References: 3

NVD
added 2023/12/25 1:15 a.m. · 25 views

CVE-2023-7096

A flaw has been found in code-projects Faculty Management System 1.0. The affected element is an unknown function of the file /admin/php/crud.php. Manipulation of the argument fieldname/tablename causes SQL injection. The attack can be carried out remotely. The exploit has been...

CVSS 9.8 · EPSS 0.00672
Exploits: 1 · References: 7

ATTACKERKB
added 2023/12/11 9:15 p.m. · 3 views

CVE-2023-49490

XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin.php...

CVSS 6.1 · AI score 6.2 · EPSS 0.00446
Exploits: 1 · References: 2

OSV
added 2023/11/02 10:15 p.m. · 3 views

CVE-2023-46958

An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file...

CVSS 9.8 · AI score 6.2 · EPSS 0.01293
Exploits: 0 · References: 3

WPVulnDB
added 2023/09/11 12:0 a.m. · 15 views

Read More & Accordion < 3.2.7 - Admin+ PHP Object Injection

Description: The plugin unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. PoC: To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup :...

CVSS 7.2 · AI score 7.5 · EPSS 0.00783
Exploits: 2 · Affected Software: 1

Positive Technologies
added 2023/06/20 12:0 a.m. · 4 views

PT-2023-11568 · Pluck Cms · Pluck Cms

Name of the Vulnerable Software and Affected Versions: Pluck CMS version 4.7.10-dev2. Description: The issue allows a remote attacker to execute arbitrary PHP code via the hidden parameter to "admin.php" when editing a page. Recommendations: For Pluck CMS version 4.7.10-dev2, as a temporary...

CVSS 7.2 · AI score 7.9 · EPSS 0.01137
Exploits: 1 · References: 6

OSV
added 2023/06/15 5:15 p.m. · 3 views

CVE-2023-34880

cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the addaction method at lib/admin/languageadmin.php. This vulnerability allows attackers to execute arbitrary code and perform a local file inclusion...

CVSS 9.8 · AI score 6.1 · EPSS 0.01072
Exploits: 1 · References: 1

CNNVD
added 2023/05/17 12:0 a.m. · 3 views

Bus Dispatch and Information System SQL injection vulnerability

Bus Dispatch and Information System is a bus dispatch and information system. A SQL injection vulnerability exists in Bus Dispatch and Information System version 1.0, which stems from an unknown function in viewadmin.php that causes SQL injection via the parameter branchid...

CVSS 9.8 · AI score 7.1 · EPSS 0.00743
Exploits: 1 · References: 4

Positive Technologies
added 2023/01/27 12:0 a.m. · 7 views

PT-2023-16334 · Unknown · Sourcecodester Online Tours & Travels Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0. Description: A critical issue has been found in the system, affecting an unknown part of the file admin/abc.php. The manipulation of the id argument leads to SQL injection. I...

CVSS 6.3 · AI score 5.9 · EPSS 0.00569
Exploits: 1 · References: 7

CNNVD
added 2023/01/13 12:0 a.m. · 6 views

Dynamic Transaction Queuing System SQL injection vulnerability

Dynamic Transaction Queuing System is a dynamic transaction queuing system using PHP/MySQL by Carlo Montero, a personal developer. A security vulnerability exists in Dynamic Transaction Queuing System v1.0, which stems from the id parameter of its /admin/ajax.php?action=savequeue component that...

CVSS 9.8 · AI score 8.6 · EPSS 0.00602
Exploits: 0 · References: 2

Cvelist
added 2023/01/09 10:13 p.m. · 25 views

CVE-2022-4043 WP Custom Admin Interface < 7.29 - Admin+ PHP Object Injection

The WP Custom Admin Interface WordPress plugin before 7.29 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

AI score 7.3 · EPSS 0.17686
Exploits: 2 · References: 1

Positive Technologies
added 2022/11/13 12:0 a.m. · 6 views

PT-2022-24990 · Unknown · Pingkon Hms-Php

Name of the Vulnerable Software and Affected Versions: Pingkon HMS-PHP, affected versions not specified. Description: A critical vulnerability has been found in Pingkon HMS-PHP, affecting an unknown function of the file /admin/admin.php of the component Data Pump Metadata. The manipulation of the...

CVSS 9.8 · AI score 9.5 · EPSS 0.00565
Exploits: 1 · References: 6

ATTACKERKB
added 2022/05/03 9:15 p.m. · 2 views

CVE-2022-27413

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php...

CVSS 9.8 · AI score 5.9 · EPSS 0.02945
Exploits: 1 · References: 2

OSV
added 2022/03/25 7:15 p.m. · 8 views

CVE-2022-26573

Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 2

CNNVD
added 2022/03/25 12:0 a.m. · 5 views

Maccms cross-site scripting vulnerability

Maccms is a PHP-based film and television content management system (CMS). A cross-site scripting vulnerability exists in maccms v10, which stems from a lack of validation and filtering of user-supplied data and output data for the wd parameter in /admin.php/admin/ulog/index.html; an attacker can us...

CVSS 6.1 · AI score 5.2 · EPSS 0.00547
Exploits: 1 · References: 2

OSV
added 2022/02/24 3:15 p.m. · 3 views

CVE-2022-25403

HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php...

CVSS 9.8 · AI score 7.3
Exploits: 0 · References: 1

CNNVD
added 2022/02/16 12:0 a.m. · 5 views

JqueryForm.com Jquery Form Builder security vulnerability

JqueryForm.com Jquery Form Builder is a form builder from JqueryForm.com, Inc. An information disclosure vulnerability exists in the JqueryForm.com Jquery Form Builder, which stems from forms generated by JQueryForm.com prior to February 5, 2022 that allow a remote authenticated attacker to acces...

CVSS 6.5 · AI score 6.6 · EPSS 0.01187
Exploits: 0 · References: 5

CNNVD
added 2022/01/19 12:0 a.m. · 5 views

Cacti cross-site scripting vulnerability

Cacti is an open source set of network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, uses RRDtool to draw graphs for analysis, and provides data and user management features. A cross-site scripting vulnerability exists in Cacti, which stems from Cac...

CVSS 5.4 · AI score 5.2 · EPSS 0.00532
Exploits: 0 · References: 3

CNNVD
added 2021/12/09 12:0 a.m. · 5 views

ZZCMS security vulnerability

ZZCMS is a content management system (CMS) from the Zzcms team in China. ZZCMS suffers from an access control error vulnerability that stems from incorrect access control in zzcms via admin.php, which can be exploited by an attacker to directly access the administrator console afte...

CVSS 9.8 · AI score 5.6 · EPSS 0.01797
Exploits: 1 · References: 2