138 matches found
CVE-2026-27967
Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools readfile, editfile. It allows reading and writing files outside the project directory when a project contains symbolic links pointing to external paths. This bypasses the intended workspace...
EUVD-2026-5702
A vulnerability was detected in itsourcecode Society Management System 1.0. This vulnerability affects unknown code of the file /admin/editadmin.php. The manipulation of the argument adminid results in sql injection. The attack may be performed from remote. The exploit is now public and may be us...
CVE-2026-2114 itsourcecode Society Management System edit_admin.php sql injection
A vulnerability was detected in itsourcecode Society Management System 1.0. This vulnerability affects unknown code of the file /admin/editadmin.php. The manipulation of the argument adminid results in sql injection. The attack may be performed from remote. The exploit is now public and may be us...
CVE-2022-38621
Doufox v0.0.4 was discovered to contain a remote code execution RCE vulnerability via the edit file page. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2019-20337
In PHP Scripts Mall advanced-real-estate-script 4.0.9, the newsedit.php newsid parameter is vulnerable to SQL Injection...
CVE-2024-2285
A vulnerability, which was classified as problematic, has been found in boyiddha Automated-Mess-Management-System 1.0. Affected by this issue is some unknown functionality of the file /member/memberedit.php. The manipulation of the argument name leads to cross site scripting. The attack may be...
CVE-2025-15456
A vulnerability has been found in bg5sbk MiniCMS up to 1.8. The affected element is an unknown function of the file /mc-admin/page-edit.php of the component Publish Page Handler. Such manipulation leads to improper authentication. The attack may be performed from remote. The exploit has been...
CVE-2025-15456
CVE-2025-15456 affects bg5sbk MiniCMS versions up to 1.8. The vulnerability targets an unknown function in the file /mc-admin/page-edit.php of the Publish Page Handler, enabling improper authentication and potentially allowing remote exploitation. Multiple sources note that the exploit has been d...
MiniCMS 授权问题漏洞
MiniCMS is a mini content management system designed for personal websites by the individual developer of Dada bg5sbk. An authorization issue vulnerability exists in MiniCMS 1.8 and earlier versions, which stems from incorrect manipulation of the file /mc-admin/page-edit.php of the component...
CVE-2026-0579 code-projects Online Product Reservation System POST Parameter edit.php sql injection
A vulnerability was found in code-projects Online Product Reservation System 1.0. This affects an unknown part of the file /handgunner-administrator/edit.php of the component POST Parameter Handler. The manipulation of the argument prodid/name/price/model/serial results in sql injection. The atta...
CVE-2024-42718
A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...
GHSA-G5P6-3J82-XFM4 Croogo CMS has a path traversal vulnerability
A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...
Directory Traversal
Overview croogo/croogo is an Open Source CMS built for everyone. Affected versions of this package are vulnerable to Directory Traversal via the edit-file parameter. An attacker can access arbitrary files on the server by supplying a specially crafted path. Details A Directory Traversal attack al...
EUVD-2024-55362
Croogo CMS has a path traversal vulnerability...
Croogo CMS has a path traversal vulnerability
A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...
CVE-2024-42718
A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...
CVE-2024-42718
A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...
Croogo 安全漏洞
Croogo is Croogo open source a set of CakePHP framework based on the development of content management system CMS. The system provides content type can be customized as Blog, Node, Page, content editing using WYSIWYG editor and other features. Croogo 4.0.7 version of a security vulnerability , th...
CVE-2024-42718
CVE-2024-42718 affects Croogo CMS 4.0.7 and is a path-traversal vulnerability that allows remote attackers to read arbitrary files via a crafted value in the edit-file parameter. The issue is documented across multiple feeds (Red Hat, CIRCL, OSV, NVD, etc.) with the same description. The CVE entr...
CVE-2024-42718
A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...