1595 matches found
CVE-2018-18380
A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The Session Fixation could allow an attacker to hijack an admin session...
CVE-2018-18380
CVE-2018-18380 affects BigTree (Bigtree) CMS prior to 4.2.24. The admin.php flow accepts a user-supplied PHP session ID after login instead of regenerating a new one, enabling session hijacking (session fixation). Documents indicate this is fixed in 4.2.24; remediation is to upgrade to 4.2.24 or ...
CVE-2018-18486
An issue was discovered in PHPSHE 1.7. SQL injection exists via the admin.php?mod=user&act=del userid parameter...
Sql injection
An issue was discovered in PHPSHE 1.7. SQL injection exists via the admin.php?mod=user&act=del userid parameter...
CVE-2018-18486
An issue was discovered in PHPSHE 1.7. SQL injection exists via the admin.php?mod=user&act=del userid parameter...
Design/Logic Flaw
XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request...
CVE-2018-18431
An issue was discovered in DESTOON B2B 7.0. XSS exists via certain text boxes to the admin.php?moduleid=2&action=add URI...
CVE-2018-18432
An issue was discovered in DESTOON B2B 7.0. CSRF exists via the admin.php URI in an action=add request...
CVE-2018-18430
An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has XSS via the first text box to the admin.php URI...
Design/Logic Flaw
An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has XSS via the first text box to the admin.php URI...
Cross site request forgery (csrf)
An issue was discovered in DESTOON B2B 7.0. CSRF exists via the admin.php URI in an action=add request...
CVE-2018-18430
An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has XSS via the first text box to the admin.php URI...
CVE-2018-18432
An issue was discovered in DESTOON B2B 7.0. CSRF exists via the admin.php URI in an action=add request...
CVE-2018-18431
DESTOON B2B 7.0 contains a cross-site scripting (XSS) vulnerability exposed via text boxes when visiting admin.php?moduleid=2&action=add. The CVE entry and CNVD/NVD variants describe the same issue, with no explicit details on affected build flavors beyond version 7.0 and the vulnerable input poi...
CVE-2018-18432
Summary: DESTOON B2B 7.0 is affected by a CSRF vulnerability that can be exploited via the admin.php URI with an action=add request. Multiple sources (NVD entry CVE-2018-18432 and CNVD/NVD references) confirm a CSRF flaw in DESTOON B2B 7.0. The CVSS metrics indicate a network-based, high-severity...
CVE-2018-18431
An issue was discovered in DESTOON B2B 7.0. XSS exists via certain text boxes to the admin.php?moduleid=2&action=add URI...
CVE-2018-18191
CVE-2018-18191 describes a Cross‑Site Request Forgery (CSRF) vulnerability in Dayrui FineCms 5.4, specifically in /admin.php?c=member&m=edit&uid=1, which allows remote attackers to change the administrator’s password. The connected documents confirm the affected product/version and the vulnerable...
Cross site scripting
XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI...
CVE-2018-18082
XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI...
CVE-2018-18069
processforms in the WPML aka sitepress-multilingual-cms plugin through 3.6.3 for WordPress has XSS via any localefilename parameter such as localefilenameen in an authenticated theme-localization.php request to wp-admin/admin.php...