92 matches found
ForU CMS Authorization Issues Vulnerability
ForU CMS is a website builder system of ForU open source. ForU CMS 2020-06-23 and earlier versions of the authorization problem vulnerability , the vulnerability stems from the file /admin/index.php there are arbitrary administrator password reset vulnerability...
CVE-2023-3873
A vulnerability, which was classified as critical, has been found in Campcodes Beauty Salon Management System 1.0. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The...
Campcodes Beauty Salon Management System SQL注入漏洞
Campcodes Beauty Salon Management System is a beauty salon management system from Campcodes. A SQL injection vulnerability exists in Campcodes Beauty Salon Management System version 1.0, which originates from an unknown part of /admin/index.php, which leads to a sql injection via the parameter...
CVE-2023-3694
A vulnerability, which was classified as critical, has been found in SourceCodester/projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /index.php. The manipulation of the argument keywords/location leads to sql injection. The attack may be...
Faculty Evaluation System SQL注入漏洞
Faculty Evaluation System is a faculty evaluation system by the individual developer Carlo Montero. A security vulnerability exists in version v1.0 of the Sourcecodester Faculty Evaluation System, which stems from an SQL injection in /eval/index.php?page=editfaculty&id=...
CVE-2022-44944
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add Announcement function at /index.php?module=helppages/pages&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the...
Book Store Management System 跨站脚本漏洞
Book Store Management System is an online bookstore system by Carlo Montero, an individual developer. A security vulnerability exists in Book Store Management System v1.0, which originates in the booktitle parameter of its /bsmsci/index.php/book component, allowing an attacker to execute arbitrar...
Google KFM 跨站脚本漏洞
Google KFM is an ajax file browser and manager from Google, Inc. A security vulnerability exists in Google KFM that stems from a cross-site scripting XSS vulnerability that can be triggered via a crafted GET request to /kfm/index.php...
PT-2022-23240 · Wuzhicms · Wuzhi Cms
Name of the Vulnerable Software and Affected Versions: Wuzhicms version 4.1.0 Description: A directory traversal issue was found in Wuzhicms via the /coreframe/app/attachment/admin/index.php endpoint. Recommendations: For Wuzhicms version 4.1.0, consider restricting access to the...
CVE-2022-31355
Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/index.php?q=category&search=...
CVE-2022-32017
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bytitle...
CVE-2022-30817
Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via /SimpleBusTicket/index.php...
PbootCMS 跨站请求伪造漏洞
PbootCMS is PbootCMS individual developers of an open source enterprise website content management system CMS developed using the PHP language. A security vulnerability exists in PbootCMS v2.0.3, which can be exploited by an attacker to view the added system administrators via the...
CVE-2022-29316
Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via /eris/index.php?q=result&searchfor=advancesearch...
Masa CMS 路径遍历漏洞
Masa CMS is a digital experience platform from MasaCMS. A security vulnerability exists in Masa CMS version 7.2.1, which stems from a path traversal vulnerability due to a lack of escaping for path parameters in /index.cfm/api/asset/image/...
CVE-2022-28522
ZCMS v20170206 was discovered to contain a stored cross-site scripting XSS vulnerability via index.php?m=home&c=message&a=add...
CVE-2022-27346
Ecommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2020-20945
A Cross-Site Request Forgery CSRF in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts...
CVE-2020-20944
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files...
The vulnerability in the implementation of the /app/system/column/admin/index.class.php script of the Metinfo CMS system allows a perpetrator to increase their privileges.
The vulnerability of the /app/system/column/admin/index.class.php implementation in the Metinfo CMS system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remotely...