15 matches found
CVE-2020-10480
CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new category via a crafted request...
EUVD-2025-204538
A vulnerability was detected in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/addcategory.php. Performing manipulation of the argument txtCategoryName results in sql injection. The attack is possible to be carried out remotely. The exploit is now...
EUVD-2020-2933
Malware in sbrugna...
EUVD-2017-6657
Malware in sbrugna...
CVE-2017-15197
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user...
CVE-2025-1874 SQL injection vulnerability in 101news
SQL injection vulnerability have been found in 101news affecting version 1.0 through the "description" parameter in admin/add-category.php...
CVE-2024-0385
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2023-5415
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaddcategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2022-28051
The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code...
Cybozu Garoon 输入验证错误漏洞
Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. An input validation error vulnerability exists in Cybozu Garoon, which stems from insufficient validation of...
CVE-2021-43154
Cross Site Scripting XSS vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php...
CVE-2021-25046
The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed any logged-in user, even a subscriber user, may add a category whose parameters are incorrectly escaped in the admin panel, leading to stored XSS...
CVE-2021-24625
The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category...
CVE-2020-10480
CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new category via a crafted request...
CVE-2017-16799
In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882...