weimai-wetapp SQL注入漏洞

Weimai-Wetapp is a movie ticket purchasing mini-program and backend management system developed by MO-KE individuals. Weimai-Wetapp has a SQL injection vulnerability, which stems from incorrect handling of the keyword parameter in the getAdmins function of the...

Sz-Admin 代码问题漏洞

Sz-Admin is a mid-backend management software developed by INS6+ individuals. Versions of Sz-Admin such as 1.3.2-beta and earlier contained code-related vulnerabilities. These vulnerabilities stemmed from incorrect operations with files/api/admin/sys-file/upload, which could lead to unlimited...

QRMenümPro Menu Panel security vulnerabilities

QRMenümPro Menu Panel is a backend management panel for the intelligent menu system developed by the Turkish company QRMenümPro. The QRMenümPro Menu Panel versions dated 29012026 and earlier contained security vulnerabilities. These vulnerabilities were caused by user-controllable keys that allow...

Ruoyi security vulnerabilities

Ruoyi is a backend management system developed by Ruoyi’s individual developer. The Ruoyi v4.8.2 version has a security vulnerability, which stems from improper access control in the update function. This vulnerability could allow unauthorized attackers to modify data beyond its intended scope...

Ruoyi 代码注入漏洞

Ruoyi is a backend management system for individual developers. Ruoyi 4.8.1 and previous versions of code injection vulnerability exists, the vulnerability stems from improper handling of the parameter fragment in the file /monitor/cache/getnames, which may lead to code injection...

EUVD-2023-40075

Malicious code in bioql PyPI...

EUVD-2023-47694

Malicious code in bioql PyPI...

ELADMIN 授权问题漏洞

ELADMIN is a backend management system for elunez individual developers. An authorization issue vulnerability exists in ELADMIN version 1.1, which stems from improper authorization of the function deleteFile in the component LocalStorageController...

ruoyi-go 安全漏洞

ruoyi-go is a backend management system for individual developers at lostvip.com. A security vulnerability exists in ruoyi-go 2.1 and earlier versions, which stems from SQL injection due to incorrect manipulation of the parameter orderByColumn/isAsc in the file modules/system/systemrouter.go...

CVE-2024-55086

In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery SSRF can be achieved in the plug-in download address in the backend management system...

CVE-2023-26782

An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface -System Configuration-Cache Configuration-Cache security characters...

CVE-2023-46887

In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability...

CVE-2023-36093

There is a storage type cross site scripting XSS vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.3...

CVE-2023-43135

There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management...

CVE-2022-40924

Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "saveanimal" file of the "Animals" module in the background management system...

ELADMIN 代码问题漏洞

ELADMIN is a backend management system for elunez individual developers. A code issue vulnerability exists in ELADMIN version 2.7 that stems from deserialization...

springboot-manager 代码注入漏洞

springboot-manager is a backend management system based on SpringBoot + Thymeleaf + Layui + Apache Shiro + Redis + Mybatis Plus by an individual developer in China, liwenbin. A code injection vulnerability exists in springboot-manager version 3.0, which originates from cross-site scripting and...

CVE-2025-22212

A SQL injection vulnerability in the Convert Forms component versions 1.0.0-1.0.0 - 4.4.9 for Joomla allows authenticated attackers administrator to execute arbitrary SQL commands in the submission management area in backend...

CVE-2025-22212 Extension - tassos.gr - SQL injection in Convert Forms component version 1.0.0-1.0.0 - 4.4.9 for Joomla

A SQL injection vulnerability in the Convert Forms component versions 1.0.0-1.0.0 - 4.4.9 for Joomla allows authenticated attackers administrator to execute arbitrary SQL commands in the submission management area in backend...

CVE-2025-22211

A SQL injection vulnerability in the JoomShopping component versions 1.0.0-1.4.3 for Joomla allows authenticated attackers administrator to execute arbitrary SQL commands in the country management area in backend...