7210 matches found
Cross site request forgery (csrf)
An issue was discovered in fledrCMS through 2014-02-03. There is a CSRF vulnerability that can change the administrator's password via index.php?p=done&savedata=1...
Twitter-Clone 1 - userid SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Twitter-Clone 1 - 'userid' SQL Injection Exploit Author: L0RD Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/ Version: 1 CVE: N/A Tested on: Win 10 POC : SQLi vulnerable files : follow.php , index.php vulnerable...
Twitter-Clone 1 - userid SQL Injection
Twitter-Clone 1 - userid SQL Injection Exploit Title: Twitter-Clone 1 - 'userid' SQL Injection Date: 2018-08-21 Exploit Author: L0RD Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/ Version: 1 CVE: N/A Tested on: Win 10 POC : SQLi vulnerable files : follow.php , index.php vulnerable...
CVE-2018-15130
ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter...
CVE-2018-15130
CVE-2018-15130 affects ThinkSAAS up to 2018-07-25. The vulnerability is a Cross-Site Scripting (XSS) flaw exploitable via the parameter groupdesc in the URL path index.php?app=group&ac=create&ts=do, allowing injection of arbitrary web script/HTML into the page. Root cause details beyond XSS are n...
CVE-2018-15129
ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter...
CVE-2018-15129
ThinkSAAS up to 2018-07-25 is affected by a cross-site scripting (XSS) flaw in the content parameter for the article comment endpoint (index.php?app=article&ac=comment&ts=do content). The issue arises from user-supplied content being reflected without proper sanitization, enabling XSS. Connected ...
Cross site request forgery (csrf)
An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings such as the theme, title, and description via index.php...
Cross site request forgery (csrf)
An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI...
CVE-2018-14958
An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings such as the theme, title, and description via index.php...
Cross site scripting
An issue was discovered in Rincewind 0.1. There is a cross-site scripting (XSS) vulnerability involving a p=account request to index.php and another file named commonPages.php...
Design/Logic Flaw
An issue was discovered in Rincewind 0.1. A reinstall vulnerability exists because the parameter p of index.php and another file named commonPages.php allows an attacker to reinstall the product, with all data reset...
CVE-2018-14873
An issue was discovered in Rincewind 0.1. There is a cross-site scripting (XSS) vulnerability involving a p=account request to index.php and another file named commonPages.php...
CVE-2018-14873
CVE-2018-14873 affects the Rincewind 0.1 CMS. The issue is a cross-site scripting (XSS) vulnerability triggered by a p=account request to index.php and to commonPages.php. The connected documents do not provide exploitation details, impact metrics beyond generic XSS, or any remediation/patch info...
Design/Logic Flaw
An issue was discovered in DataLife Engine (DLE) through 13.0. An attacker can use XSS related to the /addnews.html and /index.php?do=addnews URIs to send a malicious script to unsuspecting Admins or users...
Cross site request forgery (csrf)
index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account...
CVE-2018-14582
index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account...
Cross site scripting
An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the formnickname parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings - mail server"...