7210 matches found
PT-2023-1999 · Extplorer · Extplorer
Name of the Vulnerable Software and Affected Versions: eXtplorer version 2.1.15. Description: The issue is related to insecure permissions in the eXtplorer file manager, which can be exploited by a remote attacker to execute arbitrary code via the "index.php" component. This vulnerability is...
CVE-2023-28343
Altenergy Power Control Software C1.2.5 is affected by CVE-2023-28343: an OS command injection via shell metacharacters in the index.php/management/set_timezone parameter, caused by set_timezone in models/management_model.php. This allows remote command execution with the affected product version...
CVE-2023-1278
A vulnerability, which was classified as problematic, has been found in IBOS up to 4.5.5. Affected by this issue is some unknown functionality of the file mobil/index.php. The manipulation of the argument accesstoken leads to cross site scripting. The attack may be launched remotely. The identifi...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in IBOS up to 4.5.5. Affected by this issue is some unknown functionality of the file mobil/index.php. The manipulation of the argument accesstoken leads to cross site scripting. The attack may be launched remotely. The identifi...
CVE-2023-1275
A vulnerability classified as problematic was found in SourceCodester Phone Shop Sales Managements System 1.0. This vulnerability affects unknown code of the file /osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php of the component CAPTCHA Handler. The manipulation leads to cross...
CVE-2023-1044 MuYuCMS index.php path traversal
A vulnerability was found in MuYuCMS 2.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /editor/index.php. The manipulation of the argument filepath leads to relative path traversal. The attack can be launched remotely. The exploit has...
CVE-2023-1043
CVE-2023-1043 affects MuYuCMS 2.2. The vulnerability is a relative path traversal in an unknown function of the file /editor/index.php caused by manipulation of the dir_path argument, enabling remote exploitation. Multiple trusted sources (NVD, Red Hat, OSV, CVE lists) confirm the issue and its p...
CVE-2023-1043 MuYuCMS index.php path traversal
A vulnerability was found in MuYuCMS 2.2. It has been classified as problematic. Affected is an unknown function of the file /editor/index.php. The manipulation of the argument dirpath leads to relative path traversal. It is possible to launch the attack remotely. The exploit has been disclosed t...
CVE-2023-1002
MuYuCMS 2.2 contains a path traversal vulnerability in index.php via manipulation of the file_path parameter. The issue appears exploitable remotely and has public disclosures. Connected sources confirm the root cause as improper handling of the file_path leading to traversal with realistic impac...
CVE-2023-0987
The CVE-2023-0987 entry concerns SourceCodester Online Pizza Ordering System 1.0 with a cross-site scripting (XSS) vulnerability in index.php?page=checkout. The root cause is improper handling of input leading to XSS; the issue can be triggered remotely and has been publicly disclosed. Multiple c...
CVE-2023-0945 SourceCodester Best POS Management System cross site scripting
A vulnerability, which was classified as problematic, was found in SourceCodester Best POS Management System 1.0. Affected is an unknown function of the file index.php?page=add-category. The manipulation of the argument Name with the input " leads to cross site scripting. It is possible to launch...
CVE-2021-33396
Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4 allows attackers to change the password or other information of an arbitrary account via index.php...
Cross site request forgery (csrf)
Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4 allows attackers to change the password or other information of an arbitrary account via index.php...
SUSE CVE-2007-1395
Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase end tag, which bypasses the protection...
SUSE CVE-2007-6100
Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie authtype, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability...
CVE-2021-33396
The CVE-2021-33396 entry describes a CSRF vulnerability in BaijiaCMS 4.1.4 that allows an attacker to change the password or other data of an arbitrary account via index.php. The root cause is CSRF in the account-management flow; impact is high for integrity (unauthorized changes) with no confide...
CVE-2023-24648
Zstore v6.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php...