CVE-2018-19465
CVE-2018-19465 affects Maccms up to version 8.0, allowing Cross-Site Scripting (XSS) via the site_keywords field used in index.php?m=system-config. The root cause is tied to template files: tpl/module/system.php and tpl/html/system_config.html, with related references to template/paody/html/vod_i...
CVE-2019-9106
The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php...
Joomla and WordPress Found Harboring Malicious Redirect Code
Security researchers are warning owners of Joomla and WordPress websites of a malicious redirect script that is pushing visitors to malicious websites. On Thursday, Eugene Wozniak, a security researcher with Sucuri, published a report outlining a rogue hypertext access .htaccess injector found on...
SQL injection
Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=startpulling&id= substring...
CVE-2019-10852
Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=startpulling&id= substring...
SQL injection
sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadminceditpost cvalue parameter...
SQL injection
The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection via index.php?p=accomodation&q=SQL, index.php?p=rooms&q=SQL, or admin/login.php...
CVE-2018-18800
The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection via index.php?p=accomodation&q=SQL, index.php?p=rooms&q=SQL, or admin/login.php...
Cross-site scripting
Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page creation...
CVE-2018-16625
index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element...
CVE-2018-16626
CVE-2018-16626 affects Typesetter 5.1: index.php/Admin/Classes allows cross-site scripting via the description of a new class name. The vulnerability is an XSS in the class-creation workflow, arising from how the description field is processed in Admin/Classes. Public references in the connected ...
CVE-2018-16639
CVE-2018-16639 affects Typesetter 5.1. The vulnerability allows a Cross-Site Scripting (XSS) attack via the index.php/Admin LABEL parameter during new page creation, stemming from insufficient validation of client-side data. Public sources (NVD, RH/Red Hat, OSV, CNVD, CVE List, etc.) consistently...
Cross-site request forgery (CSRF)
Metinfo 5.3.18 is affected by: Cross-Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/index.php. The attack vector is: the administrator clicks on a malicious link while logged in...
CVE-2017-12790
Metinfo 5.3.18 is affected by: Cross-Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/index.php. The attack vector is: the administrator clicks on a malicious link while logged in...
CVE-2017-12790
CVE-2017-12790: MetInfo 5.3.18 is affected by Cross Site Request Forgery (CSRF) affecting the admin/index.php component. The attack vector involves an administrator clicking a malicious link while logged in. Reported impact is Information Disclosure (remote). The Red Hat, NVD, PRION, and CVE cat...
CVE-2017-12788
CVE-2017-12788 affects MetInfo CMS (version 5.3.18) via admin/index.php. Vulnerable parameters are class1 and anyid, enabling multiple XSS by remote attackers to inject script/HTML. The documents do not provide exploitable details beyond the parameter vectors or any available remediation. No ex...
CVE-2018-13983
ImpressCMS 1.3.10 is affected by an XSS vulnerability triggered via PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php. The root cause is unvalidated PATH_INFO leading to cross-site scripting, enabling arbitrary HTML/JS execution in a us...
HumHub 1.3.12 - Cross-Site Scripting Vulnerability
Exploit for PHP platform in category web applications. Exploit Title: HumHub 1.3.12 - Cross-Site Scripting; Exploit Author: Kağan EĞLENCE; Vendor Homepage: https://humhub.org/; Version: 1.3.12; CVE: CVE-2019-11564; Url :...
CVE-2019-11626
routers/ajaxRouter.php in doorGets 7.0 has a web site physical path leakage vulnerability, as demonstrated by an ajax/index.php?uri=1234%5c request...