71 matches found
PT-2023-30259 · Jspxcms · Jspxcms
Name of the Vulnerable Software and Affected Versions: Jspxcms version 10.2.0. Description: There is a Cross-Site Scripting (XSS) issue in the "choose style tree.do" interface of the backend. This affects the ability to securely interact with the system, potentially allowing malicious scripts to be...
Red Hat APICast Security Vulnerability
Red Hat APICast is an interface for handling API requests from Red Hat, Inc. A security vulnerability exists in Red Hat APICast that stems from calling an API backend with an incorrect JWT token proxy without proper authorization checks...
CVE-2022-38808
ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface...
HackerOne: Ability to escape database transaction through SQL injection, leading to arbitrary code execution
HackerOne has an internal backend interface that gives debugging capabilities to its engineers. One of the features is the ability to run EXPLAIN ANALYZE queries against a connected database. This feature is accessible by a handful of engineers. The feature is vulnerable to a SQL injection that...
Unauthorized Access Vulnerability in Streaming Media Management Server of Hangzhou Hikvision System Technology Co.
Hangzhou Hikvision System Technology Co., Ltd. is a provider of security products and industry solutions. There is an unauthorized access vulnerability in the streaming media management server of Hangzhou Hikvision System Technology Co., Ltd., which can be exploited by an attacker to obtain the...
Unauthorized Access Vulnerability in qBittorrent
qBittorrent is a new lightweight BitTorrent client that runs on Linux, Windows and other systems. An unauthorized access vulnerability exists in qBittorrent, which can be exploited by an attacker to gain direct access to the backend interface...
Logic Flaw Vulnerability in OurPHP Backend Administration Interface
OurPHP is an enterprise website builder that incorporates e-commerce features. A logic flaw vulnerability exists in OurPHP's backend management interface, which can be exploited by attackers to modify high-privileged administrator passwords...
TYPO3 Backend User Interface and Install Tool Component Cross-Site Scripting Vulnerability
TYPO3 is a free and open source content management system and framework (CMS/CMF) of the Swiss TYPO3 Association. A security vulnerability exists in the Backend User Interface and Install Tool components in TYPO3 versions 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1. An attacker could exploit the...
TYPO3 Backend User Interface Component Code Issue Vulnerability
TYPO3 is a free and open source content management system and framework (CMS/CMF) of the Swiss TYPO3 Association. A code issue vulnerability exists in the Backend User Interface component in TYPO3 versions 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1. The vulnerability stems from an improper design o...
SQL Injection Vulnerability in Apple CMS-V7 Backend Get Info Interface
The Apple CMS program is a complete and powerful rapid website building system that runs in a PHP+MySQL environment. There is a SQL injection vulnerability in the backend interface of Apple CMS-V7 used to obtain information. The vulnerability stems from the fact that the program does not...
CVE-2017-9135
An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4. On the backend of the device's web interface, there are some diagnostic tests available that are not displayed on the webpage; these are only accessible by crafting a POST request with a program...