CVE-2019-18419
A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter...
Cross site request forgery (csrf)
app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI...
CVE-2019-17676
app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI...
CVE-2019-17676
CVE-2019-17676 relates to MetInfo 7.0.0beta where a CSRF flaw in app/system/admin/admin/index.class.php allows an attacker to add a user account via the doSaveSetup action to admin/index.php, demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URL. The vulnerability stems from CSRF exposure i...
CVE-2019-17608
HongCMS 3.0.0 has XSS via the install/index.php dbname parameter...
CVE-2019-17611
HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter...
CVE-2019-17607
HongCMS 3.0.0 has XSS via the install/index.php servername parameter...
CVE-2019-17610
HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter...
Design/Logic Flaw
HongCMS 3.0.0 has XSS via the install/index.php servername parameter...
Design/Logic Flaw
HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter...
Design/Logic Flaw
HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter...
Design/Logic Flaw
HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter...
CVE-2019-17609
CVE-2019-17609: HongCMS 3.0.0 exposes a cross-site scripting vulnerability via the install/index.php dbusername parameter. The issue is described across multiple sources (NVD/CNVD) as allowing client-side code execution in the context of an affected user. CVSSv3.1 base score is 6.1 (MEDIUM) with...
CVE-2019-17609
HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter...
CVE-2019-17608
Affected software: HongCMS 3.0.0. Vulnerability: Cross-Site Scripting via the install/index.php dbname parameter. Vector/Root cause: unsanitized input handling leads to client-side script execution. Impact: attacker can execute client-side code. References: NVD entry describes XSS via the dbname ...
CVE-2019-17612
An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&c=Ad&a=category sort parameter...
CVE-2019-17613
qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in...