Algo 8028 Control Panel - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Algo 8028 Control Panel - Remote Code Execution (RCE) (Authenticated); Google Dork: intitle:"Algo 8028 Control Panel"; Shodan: title:"Algo 8028 Control Panel"; Date: 2022-06-07; Exploit Author: Filip Carlsson; Vendor Homepage: https://www.algosolutions.com/; Software Link:...
CVE-2022-1657
Vulnerable versions of the Jupiter (<= 6.10.1) and JupiterX (<= 2.0.6) Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File Inclusion. In the JupiterX theme, the jupiterx_cp_load_pane_action AJAX action present in the...
FUDForum Cross-Site Scripting Vulnerability (CNVD-2022-70052)
FUDForum is a PHP-based forum software. Version 3.1.2 of FUDForum contains a cross-site scripting vulnerability. An attacker can exploit this vulnerability to perform cross-site scripting attacks via the page_title parameter of the page manager in the administration control panel...
FUDForum Remote Code Execution Vulnerability
FUDForum is a PHP-based open source forum software. FUDForum versions prior to 3.1.2 are vulnerable to remote code execution. An attacker can exploit this vulnerability to execute code remotely via the file upload function of the file management system in the administration control panel...
CVE-2022-30860
FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel...
CVE-2022-30863
FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel...
Cross site scripting
FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel...
Remote code execution
FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel...
CVE-2022-30863
CVE-2022-30863 affects FUDForum 3.1.2 and is documented as a Cross-Site Scripting (XSS) vulnerability via the page_title parameter in the Page Manager of the Admin Control Panel. The provided connected sources consistently describe the issue but do not specify technical details beyond the vulnera...
CVE-2022-30860
FUDforum 3.1.2 is vulnerable to remote code execution via the Upload File feature of the File Administration System in the Admin Control Panel. Connected advisories and vendor pages consistently describe an arbitrary file upload vulnerability that could allow code execution on affected systems. S...
phpBB Cross-Site Request Forgery (CSRF)
In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting...
GHSA-VJ3X-VFM4-HVXC phpBB Cross-Site Request Forgery (CSRF)
In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting...
A vulnerability in the Admin CP configuration module of the MyBB forum software allows an attacker to execute arbitrary code.
The vulnerability in the Admin CP module of the MyBB forum software is related to improper code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
Jupiter < 6.10.2 - Subscriber+ Arbitrary Plugin Deletion
Any authenticated user, such as a subscriber, can delete arbitrary plugins via the abb_remove_plugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file...
GHSA-H3MR-Q96R-37V4 phpBB Remote Code Execution
Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions...