2125 matches found
CVE-2025-50928
Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the Change Settings function...
Easy Hosting Control Panel EHCP 安全漏洞
Easy Hosting Control Panel EHCP is a hosting control panel from Easy Hosting Control Panel, Inc. A security vulnerability exists in Easy Hosting Control Panel EHCP version v20.04.1.b. The vulnerability stems from an unfiltered id parameter in the Change Settings feature, which could lead to a SQL...
📄 Easy Hosting Control Panel 20.04.1.b SQL Injection
Easy Hosting Control Panel version 20.04.1.b suffers from multiple remote SQL injection vulnerabilities that affect the id and theorder parameters. Exploit Title: Easy Hosting Control Panel EHCP v20.04.1.b - SQL injection vulnerability via the id parameter Date: Aug 6, 2025 Exploit Author: Charan...
📄 Easy Hosting Control Panel 20.04.1.b Cross Site Scripting
Easy Hosting Control Panel version 20.04.1.b suffers from a cross site scripting vulnerability in the ftpusername parameter. This enables the attacker to inject malicious JavaScript payloads, leading to session hijacking, redirection to malicious sites, defacement, or other actions performed in t...
CVE-2014-125123
An unauthenticated SQL injection vulnerability exists in the Kloxo web hosting control panel developed by LXCenter prior to version 6.1.12. The flaw resides in the login-name parameter passed to lbin/webcommand.php, which fails to properly sanitize input, allowing an attacker to extract the...
SingleStore: Exceed the maximum number of subscribers using Race Condition
A race condition vulnerability was discovered in the SingleStore control panel that allowed bypassing the maximum limit of five subscribers for alerts. The issue was patched and deployed to production...
The vulnerability of the control_panel_sw() function in the /cgi-bin/sysconf.cgi script of the Linksys FGW3000-AH and FGW3000-HK Wi-Fi router microprogramming system allows a hacker to execute arbitrary commands.
The vulnerability of the controlpanelsw function in the /cgi-bin/sysconf.cgi script of the Linksys FGW3000-AH and FGW3000-HK Wi-Fi routers is related to incorrect elimination of special elements in the output data when processing the parameter filename. Exploiting this vulnerability allows an...
CVE-2024-25604
Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit...
CVE-2024-43218
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mediavine Mediavine Control Panel mediavine-control-panel.This issue affects Mediavine Control Panel: from n/a through = 2.10.4...
CVE-2024-23335
MyBB is a free and open source forum software. The backup management module of the Admin CP may accept .htaccess as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves this issue. Users are advised to upgrade. There...
CVE-2023-28467
In MyBB before 1.8.34, there is XSS in the User CP module via the user email field...
CVE-2023-52363
Vulnerability of defects introduced in the design process in the Control Panel module.Successful exploitation of this vulnerability may cause app processes to be started by mistake...
CVE-2023-44259
Cross-Site Request Forgery CSRF vulnerability in Mediavine Mediavine Control Panel plugin = 2.10.2 versions...
CVE-2023-39415
Improper authentication vulnerability in Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote unauthenticated attacker to log in to the product's Control Panel and perform an...
CVE-2023-22953
In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user...
CVE-2023-21126
In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, there is a possible launch arbitrary activity under SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2022-43709
MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings...
CVE-2022-23904
Rainworx Auctionworx 3.1R2 is vulnerable to a Cross-Site Request Forgery CSRF attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition...
CVE-2022-3967
A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown function of the file func/main.sh of the component sed Handler. The manipulation leads to argument injection. An attack has to be approached locally. The name of the patch is...
CVE-2022-30863
FUDForum 3.1.2 is vulnerable to Cross Site Scripting XSS via pagetitle param in Page Manager in the Admin Control Panel...