
2125 matches found

Vulnrichment
added 2025/08/08 12:0 a.m., 5 views

CVE-2025-50928

Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the Change Settings function...

AI score 7.7, EPSS 0.00221
Exploits: 2, References: 2

CNNVD
added 2025/08/08 12:0 a.m., 4 views

Easy Hosting Control Panel EHCP security vulnerability

Easy Hosting Control Panel EHCP is a hosting control panel from Easy Hosting Control Panel, Inc. A security vulnerability exists in Easy Hosting Control Panel EHCP version v20.04.1.b. The vulnerability stems from an unfiltered id parameter in the Change Settings feature, which could lead to a SQL...

CVSS 4.8, AI score 7.5, EPSS 0.00221
Exploits: 2, References: 3

Packet Storm
added 2025/08/06 12:0 a.m., 111 views

📄 Easy Hosting Control Panel 20.04.1.b SQL Injection

Easy Hosting Control Panel version 20.04.1.b suffers from multiple remote SQL injection vulnerabilities that affect the id and theorder parameters. Exploit Title: Easy Hosting Control Panel EHCP v20.04.1.b - SQL injection vulnerability via the id parameter Date: Aug 6, 2025 Exploit Author: Charan...

CVSS 6.5, AI score 7.7, EPSS 0.0024
Exploits: 3

Packet Storm
added 2025/08/06 12:0 a.m., 210 views

📄 Easy Hosting Control Panel 20.04.1.b Cross Site Scripting

Easy Hosting Control Panel version 20.04.1.b suffers from a cross site scripting vulnerability in the ftpusername parameter. This enables the attacker to inject malicious JavaScript payloads, leading to session hijacking, redirection to malicious sites, defacement, or other actions performed in t...

CVSS 6.3, AI score 5.7, EPSS 0.00272
Exploits: 5

NVD
added 2025/07/31 3:15 p.m., 5 views

CVE-2014-125123

An unauthenticated SQL injection vulnerability exists in the Kloxo web hosting control panel developed by LXCenter prior to version 6.1.12. The flaw resides in the login-name parameter passed to lbin/webcommand.php, which fails to properly sanitize input, allowing an attacker to extract the...

CVSS 10, EPSS 0.00667
Exploits: 0, References: 6

Hacker One
added 2025/06/25 2:50 p.m., 18 views

SingleStore: Exceed the maximum number of subscribers using Race Condition

A race condition vulnerability was discovered in the SingleStore control panel that allowed bypassing the maximum limit of five subscribers for alerts. The issue was patched and deployed to production...

AI score 7
Exploits: 0

BDU FSTEC
added 2025/05/30 12:0 a.m., 5 views

A vulnerability in the control_panel_sw() function of the /cgi-bin/sysconf.cgi script in the firmware of Linksys FGW3000-AH and FGW3000-HK Wi-Fi routers allows an attacker to execute arbitrary commands.

The vulnerability in the control_panel_sw function of the /cgi-bin/sysconf.cgi script on Linksys FGW3000-AH and FGW3000-HK Wi-Fi routers is caused by improper neutralization of special elements in output data when processing the filename parameter. Exploiting this vulnerability allows an...

CVSS 6.5, AI score 7, EPSS 0.08686
Exploits: 0, References: 6, Affected Software: 2

RedhatCVE
added 2025/05/23 9:51 a.m., 8 views

CVE-2024-25604

Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit...

CVSS 6.5, AI score 6.6, EPSS 0.00415
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 9:6 a.m., 3 views

CVE-2024-43218

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mediavine Mediavine Control Panel mediavine-control-panel. This issue affects Mediavine Control Panel: from n/a through = 2.10.4...

CVSS 6.5, AI score 5.9, EPSS 0.00245
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 7:46 a.m., 12 views

CVE-2024-23335

MyBB is a free and open source forum software. The backup management module of the Admin CP may accept .htaccess as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves this issue. Users are advised to upgrade. There...

CVSS 4.7, AI score 6.6, EPSS 0.00559
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 6:1 a.m., 3 views

CVE-2023-28467

In MyBB before 1.8.34, there is XSS in the User CP module via the user email field...

CVSS 6.1, AI score 6.3, EPSS 0.0051
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 5:24 a.m., 12 views

CVE-2023-52363

Vulnerability of defects introduced in the design process in the Control Panel module. Successful exploitation of this vulnerability may cause app processes to be started by mistake...

CVSS 6.3, AI score 6.8, EPSS 0.00217
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 4:38 a.m., 7 views

CVE-2023-44259

Cross-Site Request Forgery (CSRF) vulnerability in Mediavine Mediavine Control Panel plugin <= 2.10.2 versions...

CVSS 8.8, AI score 7.1, EPSS 0.00227
Exploits: 0

RedhatCVE
added 2025/05/23 4:11 a.m., 6 views

CVE-2023-39415

Improper authentication vulnerability in Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allows a remote unauthenticated attacker to log in to the product's Control Panel and perform an...

CVSS 7.5, AI score 7.3, EPSS 0.00755
Exploits: 0

RedhatCVE
added 2025/05/23 3:16 a.m., 5 views

CVE-2023-22953

In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user...

CVSS 8.8, AI score 8.1, EPSS 0.01429
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 3:8 a.m., 1 view

CVE-2023-21126

In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, there is a possible launch of an arbitrary activity under SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVSS 7.8, AI score 6.9, EPSS 0.00086
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 12:12 a.m., 8 views

CVE-2022-43709

MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module that allows remote authenticated users to modify the query string via direct user input or stored search filter settings...

CVSS 4.9, AI score 7.2, EPSS 0.00645
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 11:57 p.m., 6 views

CVE-2022-23904

Rainworx Auctionworx 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition...

CVSS 8, AI score 7, EPSS 0.00432
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 11:31 p.m., 6 views

CVE-2022-3967

A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown function of the file func/main.sh of the component sed Handler. The manipulation leads to argument injection. An attack has to be approached locally. The name of the patch is...

CVSS 7.8, AI score 7.4, EPSS 0.00221
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 10:51 p.m., 7 views

CVE-2022-30863

FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via pagetitle param in Page Manager in the Admin Control Panel...

CVSS 4.8, AI score 6, EPSS 0.00534
Exploits: 1, References: 1