14 matches found

Positive Technologies
added 2025/12/16 12:0 a.m. | 2 views

PT-2025-51353

Name of the Vulnerable Software and Affected Versions: FreePBX tts module versions prior to 16.0.5; FreePBX tts module versions prior to 17.0.5. Description: The Text to Speech (tts) module for FreePBX, a web-based graphical user interface for Asterisk, contains a SQL injection flaw. Authenticated user...

CVSS 8.6 | AI score 7.9 | EPSS 0.00106
Exploits: 0 | References: 6

Cvelist
added 2025/09/15 9:0 p.m. | 5 views

CVE-2025-55211 FreePBX Post-Authenticated Command Injection

FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously changing languages of the framework module. This vulnerability is fixed in 17.0.21...

CVSS 8.7 | EPSS 0.00085
Exploits: 0 | References: 1

CVE
added 2025/09/15 9:0 p.m. | 10 views

CVE-2025-55211

CVE-2025-55211 affects FreePBX up to version 17.0.21, where authenticated users in the Administrator Control Panel could execute arbitrary shell commands by maliciously changing the language setting of the framework module. Root cause: language manipulation in the framework module allows command ...

CVSS 8.8 | AI score 6.6 | EPSS 0.00085
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2025/09/15 9:0 p.m. | 2 views

CVE-2025-55211 FreePBX Post-Authenticated Command Injection

FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously changing languages of the framework module. This vulnerability is fixed in 17.0.21...

CVSS 8.7 | AI score 7.1 | EPSS 0.00085
Exploits: 0 | References: 3

Positive Technologies
added 2025/09/15 12:0 a.m. | 4 views

PT-2025-37763

Name of the Vulnerable Software and Affected Versions: FreePBX versions 17.0.19.11 through 17.0.20. Description: FreePBX is a web-based graphical user interface. Authenticated users of the Administrator Control Panel (ACP) can execute arbitrary shell commands by manipulating the framework module's...

CVSS 8.7 | AI score 7.1 | EPSS 0.00085
Exploits: 0 | References: 3

Prion
added 2023/04/14 3:15 p.m. | 11 views

Design/Logic Flaw

SmartPTT SCADA 1.1.0.0 allows remote code execution when the attacker has administrator privileges by writing a malicious C# script and executing it on the server via server settings in the administrator control panel on port 8101, by default...

CVSS 5.8 | AI score 7.3 | EPSS 0.336
Exploits: 2 | References: 2 | Affected Software: 1

CVE
added 2023/04/14 12:0 a.m. | 51 views

CVE-2023-30459

CVE-2023-30459 affects SmartPTT SCADA 1.1.0.0. The vulnerability enables remote code execution by writing a malicious C# script and executing it on the server via the administrator control panel (port 8101 by default) when the attacker has administrator privileges. This is supported by multiple c...

CVSS 7.2 | AI score 7.4 | EPSS 0.336
Exploits: 2 | References: 2 | Affected Software: 1

CNNVD
added 2022/05/02 12:0 a.m. | 2 views

Rainworx Auctionworx Cross-Site Request Forgery Vulnerability

Rainworx Auctionworx is an online auction software. A security vulnerability previously existed in Rainworx Auctionworx version 3.1R2 that allowed authenticated users to upgrade their account to administrator and gain access to the Auctionworx administrator control panel, resulting in a cross-sit...

CVSS 8 | AI score 7.5 | EPSS 0.00184
Exploits: 1 | References: 3

CNVD
added 2021/10/28 12:0 a.m. | 15 views

MyBB Cross-Site Scripting Vulnerability (CNVD-2021-103573)

MyBB is a free and web-based forum software developed by MyBB team using PHP and MySQL. MyBB has a cross-site scripting vulnerability in versions prior to 1.8.28, which stems from the lack of proper validation of client-side data in the template name displayed in the theme management of the WEB...

CVSS 5.4 | AI score 1.9 | EPSS 0.00281
Exploits: 0 | References: 1

OSV
added 2020/09/03 6:15 p.m. | 0 views

CVE-2020-25116

The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager...

CVSS 4.8 | AI score 5.8
Exploits: 0 | References: 1

0day.today
added 2016/11/09 12:0 a.m. | 18 views

OpenGB 1.2.3 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications. OpenGB version 1.2.3 Cross Site Scripting (XSS) Vulnerability. Discovered by NA, NAattutanota.com. Description: A simple PHP MySQL...

AI score 7.1
Exploits: 0

Packet Storm
added 2016/11/09 12:0 a.m. | 20 views

OpenGB 1.2.3 Cross Site Scripting

OpenGB version 1.2.3 Cross Site Scripting (XSS) Vulnerability. Discovered by NA, NAattutanota.com. Description: A simple PHP MySQL website guestbook, user friendly and easily...

AI score 7.4
Exploits: 0

Cvelist
added 2006/08/31 8:0 p.m. | 15 views

CVE-2006-4463

SQL injection vulnerability in the administrator control panel in Jetstat.com JS ASP Faq Manager 1.10 allows remote attackers to execute arbitrary SQL commands via the pwd parameter (aka the Password field)...

AI score 8.2 | EPSS 0.00816
Exploits: 0 | References: 7

securityvulns
added 2006/02/13 12:0 a.m. | 25 views

[eVuln] phphg Guestbook Multiple Vulnerabilities

New eVuln Advisory: phphg Guestbook Multiple Vulnerabilities. http://evuln.com/vulns/58/summary.html Summary: eVuln ID: EV0058; CVE: CVE-2006-0602 CVE-2006-0603 CVE-2006-0604; Vendor: Hinton Design; Vendor's Web Site: http://www.hintondesign.org; Software: phphg...

CVSS 7.5 | AI score 0.6 | EPSS 0.01721
Exploits: 2