Lucene search

7210 matches found

Prion
added 2018/10/15 3:29 p.m., 14 views

Design/Logic Flaw

An issue was discovered in nc-cms through 2017-03-10. index.php?action=edithtml allows XSS via the name parameter, as demonstrated by a value beginning with homecontent and containing a crafted SRC attribute of an IMG element...

CVSS 4.3, AI score 5.9, EPSS 0.00802
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2018/10/15 7:29 a.m., 19 views

CVE-2018-18323

CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=fileeditor&file=/../ URI...

CVSS 7.5, AI score 7.6, EPSS 0.70736
Exploits: 2, References: 3

Cvelist
added 2018/10/15 7:0 a.m., 25 views

CVE-2018-18322

CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php servicestart, servicerestart, servicefullstatus, or servicestop parameter...

AI score 9.8, EPSS 0.15141
Exploits: 2, References: 3

Cvelist
added 2018/10/15 7:0 a.m., 28 views

CVE-2018-18324

CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fmcurrentdir parameter, or the admin/index.php module, servicestart, servicefullstatus, servicerestart, servicestop, or file within the fileeditor parameter...

AI score 6.1, EPSS 0.03207
Exploits: 2, References: 3

CVE
added 2018/10/15 2:0 a.m., 47 views

CVE-2018-18296

CVE-2018-18296 describes a cross-site scripting (XSS) vulnerability in MetInfo 6.1.2. The issue is triggered via the parameter path /admin/index.php with the bigclass parameter when the request uses n=column&a=doadd. The connected sources corroborate the same vulnerability description across mult...

CVSS 6.1, AI score 5.9, EPSS 0.00675
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2018/10/09 10:0 p.m., 13 views

CVE-2018-18198

The $openerinputfield variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&openerinputfield=XSS request...

AI score 6, EPSS 0.00905
Exploits: 1, References: 2

CVE
added 2018/10/09 10:0 p.m., 42 views

CVE-2018-18198

The CVE-2018-18198 issue affects REDAXO 5.6.3 via addons/mediapool/pages/index.php where the $opener_input_field is not properly filtered and is echoed to the page. This allows an attacker to inject XSS payloads through a request such as index.php?page=mediapool/media&opener_input_field=[XSS]. Re...

CVSS 6.1, AI score 5.9, EPSS 0.00905
Exploits: 1, References: 2, Affected Software: 1

NVD
added 2018/10/09 5:29 p.m., 24 views

CVE-2018-18075

WikidForum 2.20 has SQL Injection via the rpc.php parentpostid or numrecords parameter, or the index.php?action=search selectsort parameter...

CVSS 9.8, AI score 10, EPSS 0.01827
Exploits: 1, References: 2

Prion
added 2018/10/09 5:29 p.m., 14 views

Sql injection

WikidForum 2.20 has SQL Injection via the rpc.php parentpostid or numrecords parameter, or the index.php?action=search selectsort parameter...

CVSS 7.5, AI score 9.9, EPSS 0.01827
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2018/10/09 4:0 p.m., 25 views

CVE-2018-18075

WikidForum 2.20 has SQL Injection via the rpc.php parentpostid or numrecords parameter, or the index.php?action=search selectsort parameter...

AI score 10, EPSS 0.01827
Exploits: 1, References: 2

CVE
added 2018/10/09 4:0 p.m., 41 views

CVE-2018-18075

WikidForum 2.20 is affected by an SQL Injection vulnerability exposed via the rpc.php (parent_post_id or num_records) parameters, or the index.php?action=search (select_sort) parameter. The issue, reported across multiple sources, indicates that unsafely constructed SQL queries can be influenced ...

CVSS 9.8, AI score 9.9, EPSS 0.01827
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2018/10/07 6:0 p.m., 38 views

CVE-2012-6710

The CVE-2012-6710 issue affects eXtplorer (through version 2.1.2). It allows remote attackers to bypass authentication by sending password[]= (an empty array) in an action=login request to index.php, enabling unauthorized access. Affected component is ext_find_user; root cause is authentication b...

CVSS 9.8, AI score 9.4, EPSS 0.24972
Exploits: 1, References: 3, Affected Software: 1

NVD
added 2018/10/03 8:29 p.m., 12 views

CVE-2018-17428

An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter...

CVSS 9.8, AI score 9.9, EPSS 0.02839
Exploits: 1, References: 1

Cvelist
added 2018/10/03 8:0 p.m., 14 views

CVE-2018-17428

An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter...

AI score 9.9, EPSS 0.02839
Exploits: 1, References: 1

0day.today
added 2018/10/02 12:0 a.m., 42 views

WUZHICMS 2.0 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Title: WUZHICMS 2.0 - Cross-Site Scripting Author: Felipe "Renzi" Gabriel Vendor: http://www.wuzhicms.com Software: WUZHICMS 2.0 CVE: CVE-2018-17832 Technical Details & Description: A Cross Site Scripting vulnerability has been discovered in t...

AI score 0.1, EPSS 0.02273
Exploits: 5

OSV
added 2018/10/01 8:29 a.m., 13 views

CVE-2018-17830

The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted only values are restricted. The attacker can insert XSS payloads via an index.php?page=mediapool/media&openerinputfield=&args substring...

CVSS 5.4, AI score 5.9
Exploits: 0, References: 1

Prion
added 2018/10/01 8:29 a.m., 13 views

Cross site scripting

XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter...

CVSS 4.3, AI score 5.9, EPSS 0.02273
Exploits: 5, References: 2, Affected Software: 1

CVE
added 2018/10/01 8:0 a.m., 58 views

CVE-2018-17832

WUZHICMS 2.0 is affected by a Cross-Site Scripting (XSS) vulnerability in index.php, exploitable via the v and f GET parameters. The issue is described as XSS in the WUZHICMS 2.0 web application, with PoC references showing injected content via index.php?v= and index.php?f=. No explicit root-caus...

CVSS 6.1, AI score 5.9, EPSS 0.02273
Exploits: 5, References: 2, Affected Software: 1

Cvelist
added 2018/10/01 8:0 a.m., 28 views

CVE-2018-17832

XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter...

AI score 6, EPSS 0.02273
Exploits: 5, References: 2

Exploit DB
added 2018/10/01 12:0 a.m., 26 views

WUZHICMS 2.0 - Cross-Site Scripting

Title: WUZHICMS 2.0 - Cross-Site Scripting Author: Felipe "Renzi" Gabriel Date: 2018-10-01 Vendor: http://www.wuzhicms.com Software: WUZHICMS 2.0 CVE: CVE-2018-17832 Technical Details & Description: A Cross Site Scripting vulnerability has been discovered in the WUZHICMS 2.0 web-application. The...

CVSS 6.1, AI score 6.3, EPSS 0.02273
Exploits: 5