SQL injection
SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string...
CVE-2018-19893
SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string...
HasanMWB 1.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: HasanMWB 1.0 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/hasanmwb/ Software Link: https://netcologne.dl.sourceforge.net/project/hasanmwb/HasanMWB-v1.zip Version: 1.0 Category:...
CVE-2018-19785
PHP-Proxy (up to version 5.1.0) is affected by Cross-Site Scripting via the URL field in index.php. The root cause is insufficient sanitization of the URL parameter. Documented affected component: PHP-Proxy-app/script index.php; impact: XSS. No explicit remediation or patch details are provided i...
Code injection
PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current=pboot:ifevAl$GETa1/pboot:if&a=phpinfo; URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel...
CVE-2018-19595
PbootCMS V1.3.1 build 2018-11-14 is vulnerable to remote code execution via an eval-based input in the web layer. The issue stems from an insufficient protection mechanism in apps/home/controller/ParserController.php (parserIfLabel), which allows an attacker to inject and execute code through a c...
CVE-2018-19560
BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account...
CVE-2018-19560
CVE-2018-19560 affects BageCMS 3.1.3. The vulnerability is a Cross‑Site Request Forgery (CSRF) where an attacker can trigger actions via the endpoint upload/index.php?r=admini/admin/ownerUpdate to modify a user account. Several connected sources (NVD, Red Hat, CVE registries, CNVD) corroborate th...
CVE-2018-18774
CentOS-WebPanel.com aka CWP CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter...
CVE-2018-18774
CVE-2018-18774 affects CentOS Web Panel (CWP) versions up to 0.9.8.740. The vulnerability is an XSS flaw exploitable through the admin/index.php endpoint via the module parameter, allowing an attacker to inject arbitrary web script into the administrator’s browser. Several sources in...
CVE-2018-18801
The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=SQL or index.php?q=single-item&id=SQL...
CVE-2018-18801
The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=SQL or index.php?q=single-item&id=SQL...
Surreal ToDo 0.6.1.2 - Local File Inclusion
Surreal ToDo 0.6.1.2 - Local File Inclusion Exploit Title: Surreal ToDo 0.6.1.2 - Local File Inclusion Dork: N/A Date: 2018-11-08 Exploit Author: Ihsan Sencan Vendor Homepage: http://getsurreal.com/surrealtodo Software Link:...
CVE-2018-19192
An issue was discovered in XiaoCms 20141229. admin/index.php?c=content&a=add&catid=3 has CSRF, as demonstrated by entering news via the datacontent parameter...
HackerOne: Open redirect vulnerability in index.php
Summary: Hello Team, I would like to report an open redirect on hackerone.com with reference to report 320376. In report 320376 it shows vulnerability is mitigated but still I am able to reproduce it. So all the summary and description remains the same. Redirection is performed by HackerOne website...
CVE-2018-19138
WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI...
CVE-2018-19050
MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter...
CVE-2018-19051
MetInfo 6.1.3 is affected by a cross-site scripting (XSS) vulnerability exploitable through the admin/index.php?a=dogetpassword abt_type parameter. The issue is tied to MetInfo’s admin input handling, enabling XSS in the context of the injected parameter. Connected sources consistently reference ...
Cross site scripting
An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field...
CVE-2018-18938
An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field...