1594 matches found

CVE
added 2022/04/13 11:39 a.m. | 64 views

CVE-2022-27475

CVE-2022-27475 is an XSS vulnerability in tramyardg hotel-mgmt-system (version 1.0) due to lack of proper data validation/escaping in /admin.php. Exploitation would allow execution of arbitrary JavaScript in the victim’s browser; impact details are described in the linked records as client-side s...

CVSS 6.1 | AI score 6.2 | EPSS 0.00396
Exploits 0 | References 2 | Affected Software 1

NVD
added 2022/03/25 7:15 p.m. | 9 views

CVE-2022-27884

Maccms v10 was discovered to contain a reflected cross-site scripting XSS vulnerability in /admin.php/admin/plog/index.html via the wd parameter...

CVSS 6.1 | EPSS 0.00223
Exploits 1 | References 1

NVD
added 2022/03/25 7:15 p.m. | 10 views

CVE-2022-27885

Maccms v10 was discovered to contain multiple reflected cross-site scripting XSS vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters...

CVSS 6.1 | EPSS 0.00223
Exploits 1 | References 1

NVD
added 2022/03/25 7:15 p.m. | 18 views

CVE-2022-27886

Maccms v10 was discovered to contain a reflected cross-site scripting XSS vulnerability in /admin.php/admin/ulog/index.html via the wd parameter...

CVSS 6.1 | EPSS 0.00223
Exploits 1 | References 1

Prion
added 2022/03/25 7:15 p.m. | 14 views

Cross site scripting

Maccms v10 was discovered to contain a reflected cross-site scripting XSS vulnerability in /admin.php/admin/ulog/index.html via the wd parameter...

CVSS 4.3 | AI score 6 | EPSS 0.00223
Exploits 1 | References 1 | Affected Software 1

CVE
added 2022/03/25 6:50 p.m. | 76 views

CVE-2022-27887

Summary: CVE-2022-27887 affects Maccms v10 and is a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter. The issue is described across multiple feeds (NVD/Red Hat/CNVD/CNNVD, etc.) with consistent details that the vulnerability originates ...

CVSS 6.1 | AI score 6 | EPSS 0.00223
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2022/03/25 6:50 p.m. | 10 views

CVE-2022-27887

Maccms v10 was discovered to contain a reflected cross-site scripting XSS vulnerability in /admin.php/admin/vod/data.html via the repeat parameter...

AI score 6.2 | EPSS 0.00223
Exploits 1 | References 1

CVE
added 2022/03/25 6:50 p.m. | 69 views

CVE-2022-27886

Maccms v10 contains a reflected XSS in /admin.php/admin/ulog/index.html via the wd parameter. The issue is reported across multiple sources (CVE-2022-27886) and is confirmed in Red Hat/CNVD/CVE listings, describing a JavaScript-injection style vulnerability that could be triggered by user-supplie...

CVSS 6.1 | AI score 6 | EPSS 0.00223
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2022/03/25 6:50 p.m. | 9 views

CVE-2022-27885

Maccms v10 was discovered to contain multiple reflected cross-site scripting XSS vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters...

AI score 6.3 | EPSS 0.00223
Exploits 1 | References 1

CVE
added 2022/03/25 6:50 p.m. | 84 views

CVE-2022-27884

CVE-2022-27884 affects Maccms v10 and is a reflected cross-site scripting (XSS) vulnerability in the admin interface, specifically in /admin.php/admin/plog/index.html via the wd parameter. The root cause is insufficient input validation/escaping of user-supplied data in that parameter, enabling i...

CVSS 6.1 | AI score 6 | EPSS 0.00223
Exploits 1 | References 1 | Affected Software 1

CVE
added 2022/03/25 6:50 p.m. | 78 views

CVE-2022-27885

CVE-2022-27885 affects Maccms v10 with multiple reflected XSS vulnerabilities in /admin.php/admin/website/data.html, exploitable via select and input parameters due to insufficient output filtering. Root cause described as lack of user-supplied data validation and filtering, enabling JavaScript i...

CVSS 6.1 | AI score 6.1 | EPSS 0.00223
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2022/03/25 6:50 p.m. | 12 views

CVE-2022-26573

Maccms v10 was discovered to contain multiple reflected cross-site scripting XSS vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters...

AI score 6.3 | EPSS 0.00223
Exploits 1 | References 2

NVD
added 2022/03/25 4:15 p.m. | 6 views

CVE-2020-21554

A File Deletion vulnerability exists in TinyShop 3.1.1 in the backlist parameter in controllers\admin.php, which could let a malicious user delete any file such as install.lock to reinstall cms...

CVSS 8.1 | EPSS 0.00552
Exploits 1 | References 4

Prion
added 2022/03/25 4:15 p.m. | 9 views

Arbitrary file deletion

A File Deletion vulnerability exists in TinyShop 3.1.1 in the backlist parameter in controllers\admin.php, which could let a malicious user delete any file such as install.lock to reinstall cms...

CVSS 5.5 | AI score 7.9 | EPSS 0.00552
Exploits 1 | References 4 | Affected Software 1

CNVD
added 2022/03/18 12:0 a.m. | 12 views

TaoCMS arbitrary file reading vulnerability

Taocms is a micro Cms content management system in China. TaoCMS has an arbitrary file reading vulnerability that can be exploited by attackers via admin.php?action=file & ctrl=download & path=... /... /1.txt to read any file...

CVSS 4.9 | AI score 5.3 | EPSS 0.00329
Exploits 1 | References 1

Packet Storm
added 2022/03/07 12:0 a.m. | 389 views

Loki RAT (Relapse) SQL Injection

Discovery / credits: Malvuln - malvuln.com (c) 2022; Original source: https://malvuln.com/advisory/aabb54951546132e70a8e9f02bf8b5baB.txt; Contact: [email protected]; Media: twitter.com/malvuln; Threat: Loki RAT Relapse; Vulnerability: SQL Injection; Description: The LokiRAT WebUI panel for...

AI score 7.4
Exploits 0

Packet Storm
added 2022/03/07 12:0 a.m. | 345 views

Loki RAT (Relapse) Directory Traversal / Arbitrary File Deletion

Discovery / credits: Malvuln - malvuln.com (c) 2022; Original source: https://malvuln.com/advisory/aabb54951546132e70a8e9f02bf8b5ba.txt; Contact: [email protected]; Media: twitter.com/malvuln; Threat: Loki RAT Relapse; Vulnerability: Directory Traversal - Arbitrary File Delete; Description: The LokiRAT...

AI score 0.2
Exploits 0

NVD
added 2022/02/24 3:15 p.m. | 12 views

CVE-2022-25403

HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php...

CVSS 9.8 | EPSS 0.00218
Exploits 1 | References 1

Prion
added 2022/02/24 3:15 p.m. | 13 views

Sql injection

HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php...

CVSS 7.5 | AI score 9.7 | EPSS 0.00218
Exploits 1 | References 1 | Affected Software 1

CVE
added 2022/02/23 9:11 p.m. | 95 views

CVE-2022-25403

CVE-2022-25403 affects HMS v1.0, with a SQL injection vulnerability in the admin.php component. The issue stems from inadequate handling/validation of user input in admin.php, allowing injection of arbitrary SQL statements. Reported impact in CVSS indicates high severity with partial confidential...

CVSS 9.8 | AI score 9.8 | EPSS 0.00218
Exploits 1 | References 1 | Affected Software 1