7210 matches found
CVE-2019-9769
PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator...
CVE-2018-17425
WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI...
CVE-2018-17426
WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI...
CVE-2013-7468
Simple Machines Forum SMF 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter...
CVE-2013-7467
Simple Machines Forum SMF 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter...
CVE-2013-7468
Affected software: Simple Machines Forum (SMF) 2.0.4. Vulnerability: PHP Code Injection via the dictionary parameter in the index.php?action=admin;area=languages;sa=editlang path. Root cause (as described): unsafely processed user-supplied dictionary parameter enables code execution. Impact (as s...
CVE-2018-17426
WUZHI CMS 4.1.0 is affected by a stored XSS vulnerability in the Extension module, specifically the "SMS in station" field under index.php?m=core. The issue is caused by improper input handling in that field, enabling arbitrary HTML/JS injection. No exploit details or remediation are provided in ...
CVE-2018-17425
WUZHI CMS 4.1.0 contains a stored XSS vulnerability in the Membership Center’s “I want to ask” -> “detailed description” field (index.php?m=member). Multiple sources (NVD, CNVD, OSV, CVE records) confirm that an attacker can inject script/HTML through this field, leading to stored XSS. No spec...
CVE-2019-8440
An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the third textbox aka site logo of "System setting-site setting" of admin/index.php, aka sitelogo...
CVE-2019-8438
CVE-2019-8438 affects DiliCMS 2.4.0. A Stored XSS vulnerability exists in the first textbox of System setting -> site setting (admin/index.php), specifically the site_name field. The issue is described without exploit details in the provided sources; CVSS scores from NVD indicate a Low to Medi...
SQL injection
PHPSHE 1.7 allows module/index/cart.php pintuan_id SQL Injection to index.php...
CVE-2019-9626
PHPSHE 1.7 allows module/index/cart.php pintuan_id SQL Injection to index.php...
CVE-2019-9626
CVE-2019-9626 affects PHPSHE 1.7. The vulnerability is a SQL Injection in module/index/cart.php via the pintuan_id parameter reaching index.php. Root cause: improper handling/concatenation of input in cart.php leading to untrusted input affecting SQL queries. Impact (as stated): potential comprom...
Cross site scripting
XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=XSS&y=XSS to coreframe/app/core/map.php...
CVE-2019-9110
XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&setiframe=XSS to coreframe/app/content/postinfo.php...
CVE-2019-8933
In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory without being blocked by the Web Application Firewall, and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on...
CVE-2019-8910
An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF...
CVE-2019-8910
CVE-2019-8910 affects WTCMS 1.0 and describes a cross-site request forgery in index.php?g=admin&m=setting&a=site_post. Public sources (CNVD/Red Hat/NVD) note it can be exploited by remote attackers to alter website information. The NVD lists CVSS v3 base score 8.8 (HIGH) with network access, user...
CVE-2019-8407
HongCMS 3.0.0 is affected by CVE-2019-8407 due to a path traversal in the filename parameter of admin/index.php/language/edit, allowing arbitrary file read and write. The underlying cause is improper handling of "../" in the filename, enabling access to sensitive files. Impact: partial confidenti...