10 matches found
Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint
Summary Adminer v5.4.1 has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from any source. An attacker can POST version parameter which P...
GHSA-Q4F2-39GR-45JH Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint
Summary Adminer v5.4.1 has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from any source. An attacker can POST version parameter which P...
CVE-2026-25892 Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint
Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from a...
CVE-2026-25892
Summary: Adminer
CVE-2026-25892 Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint
Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from a...
CVE-2026-25892 Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint
Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from a...
No-CMS 0.6.6 rev 1 - Admin Account Hijacking / RCE Exploit via Static Encryption Key
No description provided by source. ?php / Static encryptionkey of No-CMS lead to Session Array Injection in order to hijack administrator account then you will be able for upload php files to server via theme/module upload. This exploit generates cookie for administrator access from non-privilege...
No-CMS 0.6.6 rev 1 - Admin Account Hijacking / RCE Exploit via Static Encryption Key
Exploit for php platform in category web applications ?php / Static encryptionkey of No-CMS lead to Session Array Injection in order to hijack administrator account then you will be able for upload php files to server via theme/module upload. This exploit generates cookie for administrator access...
No-CMS 0.6.6 Rev 1 Account Hijack / Remote Command Execution
mcryptexists = functionexists'mcryptencrypt';...
No-CMS 0.6.6 rev 1 - Admin Account Hijacking Remote Code Execution via Static Encryption Key
No-CMS 0.6.6 rev 1 - Admin Account Hijacking Remote Code Execution via Static Encryption Key ?php / Static encryptionkey of No-CMS lead to Session Array Injection in order to hijack administrator account then you will be able for upload php files to server via theme/module upload. This exploit...