138 matches found

ATTACKERKB
added 2026/02/25 11:33 p.m. | 5 views

CVE-2026-27967

Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools readfile, editfile. It allows reading and writing files outside the project directory when a project contains symbolic links pointing to external paths. This bypasses the intended workspace...

7.1 CVSS | 5.5 AI score | 0.00243 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

EUVD
added 2026/02/08 12:30 a.m. | 7 views

EUVD-2026-5702

A vulnerability was detected in itsourcecode Society Management System 1.0. This vulnerability affects unknown code of the file /admin/editadmin.php. The manipulation of the argument adminid results in sql injection. The attack may be performed from remote. The exploit is now public and may be us...

9.8 CVSS | 5.3 AI score | 0.00381 EPSS
Exploits: 1 | References: 6

Cvelist
added 2026/02/07 10:2 p.m. | 30 views

CVE-2026-2114 itsourcecode Society Management System edit_admin.php sql injection

A vulnerability was detected in itsourcecode Society Management System 1.0. This vulnerability affects unknown code of the file /admin/editadmin.php. The manipulation of the argument adminid results in sql injection. The attack may be performed from remote. The exploit is now public and may be us...

7.5 CVSS | 0.00381 EPSS
Exploits: 1 | References: 5

RedhatCVE
added 2026/01/09 10:56 a.m. | 5 views

CVE-2022-38621

Doufox v0.0.4 was discovered to contain a remote code execution (RCE) vulnerability via the edit file page. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

9.8 CVSS | 9 AI score | 0.24058 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:9 a.m. | 10 views

CVE-2019-20337

In PHP Scripts Mall advanced-real-estate-script 4.0.9, the newsedit.php newsid parameter is vulnerable to SQL Injection...

7.2 CVSS | 7.6 AI score | 0.0104 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:19 a.m. | 9 views

CVE-2024-2285

A vulnerability, which was classified as problematic, has been found in boyiddha Automated-Mess-Management-System 1.0. Affected by this issue is some unknown functionality of the file /member/memberedit.php. The manipulation of the argument name leads to cross site scripting. The attack may be...

6.1 CVSS | 6 AI score | 0.00465 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/06 4:10 a.m. | 7 views

CVE-2025-15456

A vulnerability has been found in bg5sbk MiniCMS up to 1.8. The affected element is an unknown function of the file /mc-admin/page-edit.php of the component Publish Page Handler. Such manipulation leads to improper authentication. The attack may be performed from remote. The exploit has been...

7.5 CVSS | 6.1 AI score | 0.00391 EPSS
Exploits: 1 | References: 1

CVE
added 2026/01/05 4:2 a.m. | 13 views

CVE-2025-15456

CVE-2025-15456 affects bg5sbk MiniCMS versions up to 1.8. The vulnerability targets an unknown function in the file /mc-admin/page-edit.php of the Publish Page Handler, enabling improper authentication and potentially allowing remote exploitation. Multiple sources note that the exploit has been d...

7.5 CVSS | 6.9 AI score | 0.00391 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

CNNVD
added 2026/01/05 12:0 a.m. | 6 views

MiniCMS authorization issue vulnerability

MiniCMS is a mini content management system designed for personal websites by the individual developer of Dada bg5sbk. An authorization issue vulnerability exists in MiniCMS 1.8 and earlier versions, which stems from incorrect manipulation of the file /mc-admin/page-edit.php of the component...

7.5 CVSS | 7.2 AI score | 0.00391 EPSS
Exploits: 1 | References: 5

Cvelist
added 2026/01/04 12:32 p.m. | 24 views

CVE-2026-0579 code-projects Online Product Reservation System POST Parameter edit.php sql injection

A vulnerability was found in code-projects Online Product Reservation System 1.0. This affects an unknown part of the file /handgunner-administrator/edit.php of the component POST Parameter Handler. The manipulation of the argument prodid/name/price/model/serial results in sql injection. The atta...

7.5 CVSS | 0.00374 EPSS
Exploits: 1 | References: 6

RedhatCVE
added 2025/12/27 12:5 a.m. | 21 views

CVE-2024-42718

A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...

6.5 CVSS | 6.9 AI score | 0.00597 EPSS
Exploits: 2 | References: 1

OSV
added 2025/12/26 6:30 p.m. | 4 views

GHSA-G5P6-3J82-XFM4 Croogo CMS has a path traversal vulnerability

A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...

7.5 CVSS | 6.8 AI score | 0.00597 EPSS
Exploits: 2 | References: 3

Snyk
added 2025/12/26 6:30 p.m. | 3 views

Directory Traversal

Overview: croogo/croogo is an Open Source CMS built for everyone. Affected versions of this package are vulnerable to Directory Traversal via the edit-file parameter. An attacker can access arbitrary files on the server by supplying a specially crafted path. Details: A Directory Traversal attack al...

7.1 CVSS | 7.6 AI score | 0.00597 EPSS
Exploits: 2 | References: 2

EUVD
added 2025/12/26 6:30 p.m. | 4 views

EUVD-2024-55362

Croogo CMS has a path traversal vulnerability...

7.5 CVSS | 6.4 AI score | 0.00597 EPSS
Exploits: 2 | References: 3

Github Security Blog
added 2025/12/26 6:30 p.m. | 8 views

Croogo CMS has a path traversal vulnerability

A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...

6.5 CVSS | 6.9 AI score | 0.00597 EPSS
Exploits: 2 | References: 4 | Affected Software: 1

NVD
added 2025/12/26 5:15 p.m. | 5 views

CVE-2024-42718

A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...

6.5 CVSS | 0.00597 EPSS
Exploits: 2 | References: 2

OSV
added 2025/12/26 5:15 p.m. | 4 views

CVE-2024-42718

A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...

6.5 CVSS | 6.8 AI score | 0.00597 EPSS
Exploits: 2 | References: 2

CNNVD
added 2025/12/26 12:0 a.m. | 3 views

Croogo security vulnerability

Croogo is an open-source content management system (CMS) built on the CakePHP framework. It provides customizable content types such as Blog, Node and Page, content editing with a WYSIWYG editor, and other features. Croogo version 4.0.7 has a security vulnerability, th...

6.5 CVSS | 6.4 AI score | 0.00597 EPSS
Exploits: 2 | References: 3

CVE
added 2025/12/26 12:0 a.m. | 8 views

CVE-2024-42718

CVE-2024-42718 affects Croogo CMS 4.0.7 and is a path-traversal vulnerability that allows remote attackers to read arbitrary files via a crafted value in the edit-file parameter. The issue is documented across multiple feeds (Red Hat, CIRCL, OSV, NVD, etc.) with the same description. The CVE entr...

6.5 CVSS | 6.5 AI score | 0.00597 EPSS
Exploits: 2 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/12/26 12:0 a.m. | 2 views

CVE-2024-42718

A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...

6.5 AI score | 0.00597 EPSS
Exploits: 2 | References: 2