25 matches found
CVE-2019-8938
VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter...
CVE-2017-14399
In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajaxrename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php...
Unrestricted file upload
In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajaxrename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php...
CVE-2012-6511
Multiple cross-site scripting XSS vulnerabilities in organizer/page/users.php in the Organizer plugin 1.2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 deleteid parameter or 2 extension parameter in an "Update Setting" action to wp-admin/admin.php...
DEBIAN-CVE-2005-0567
Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the 1 theme parameter to phpmyadmin.css.php or 2 cfgServerextension parameter to databaseinterface.lib.php to reference a URL on a remote web server that contai...