16 matches found
PT-2026-28697
Name of the Vulnerable Software and Affected Versions: code-projects Online Reviewer System version 1.0 Description: A security issue exists in code-projects Online Reviewer System version 1.0. Manipulation of the Description argument in an unknown function within the file...
Code-Projects Online Reviewer System Code Injection Vulnerability
The Code-Projects Online Reviewer System is an online review system developed by Code-Projects as open source. Version 1.0 of the Code-Projects Online Reviewer System contains a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter “firstname” in the file...
PT-2026-7076
A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btn functions.php. Executing a manipulation of the argument firstname can lead to cross site scripting. The attack...
CMSimple Cross-Site Scripting Vulnerability (CNVD-2026-02656)
CMSimple is a free content management system. CMSimple suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary code via the functions.php componen...
CVE-2024-32392
Cross Site Scripting vulnerability in CmSimple v.5.15 allows a remote attacker to execute arbitrary code via the functions.php component...
CMSimple Security Vulnerability
CMSimple is a free content management system. A security vulnerability exists in CMSimple version v.5.15, which stems from a cross-site scripting vulnerability that allows remote attackers to execute arbitrary code via the functions.php component...
PT-2023-9948 · Unknown · Hd Flv Player Plugin
Name of the Vulnerable Software and Affected Versions: HD FLV Player Plugin versions up to 1.7 Description: A critical issue has been found in the HD FLV Player Plugin, affecting the function hd add media/hd update media of the file functions.php. The manipulation of the argument name leads to SQ...
CVE-2022-24221
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php...
CVE-2022-24221
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php...
Attendance Management System SQL Injection Vulnerability
Attendance Management System is an attendance management system by Razormist Personal Developer. It is used to maintain daily attendance records. Attendance management system version 1.0 has a SQL injection vulnerability, which can be exploited by an attacker via admin/incFunctions.php...
CVE-2020-18890
Remote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which could let a remote malicious user get a shell via /admin/functions.php...
CVE-2020-18888
Arbitrary File Deletion vulnerability in puppyCMS v5.1 allows remote malicious attackers to delete the file/folder via /admin/functions.php...
EyesOfNetwork eonweb SQL injection vulnerability (CNVD-2020-60479)
EyesOfNetwork ("EON") is an open source and free IT monitoring solution that combines practical ITIL processes with a technical interface that allows its workday program. eonweb is the web interface for EyesOfNetwork. EyesOfNetwork eonweb 5.3-7 - 5.3-8 suffers from an SQL injection vulnerability...
DEBIAN-CVE-2019-7345
Self-Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEBTITLE, HOMEURL, HOMECONTENT, or WEBCONSOLEBANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php...
DEBIAN-CVE-2017-5493
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup...
PT-2007-6586 · Phpcms · Phpscms
Name of the Vulnerable Software and Affected Versions: phpSCMS versions 0.0.1-Alpha1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter in the includes/functions.php file. This is a remote file inclusion issue. Note that the identified code...