7210 matches found
CVE-2018-14515
A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter...
CVE-2018-14515
CVE-2018-14515 affects WUZHI CMS 4.1.0 and enables a remote SQL injection through the parameter in the URL index.php?m=promote&f=index&v=search keywords. Public reports describe an injection vector in the search keywords field, allowing attacker-controlled SQL statements. NVD lists CVSSv2 base sc...
zachskruer.no XSS vulnerability
Open Bug Bounty ID: OBB-651867

Description | Value
---|---
Affected Website: | zachskruer.no
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

CVE-2018-14422
blog/index.php in SansCMS 0.7 has XSS via the q parameter...
CVE-2018-14420
MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=adminadmin&a=doaddsave URI...
Cross site request forgery (csrf)
SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address aka vpic to /admin/adminvideo.php aka /backend/adminvideo.php. The code is executed by visiting /details/index.php. This can also be exploited through CSRF...
Cross site request forgery (csrf)
MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=adminadmin&a=doaddsave URI...
CVE-2018-14422
SansCMS 0.7 contains a cross-site scripting vulnerability in blog/index.php via the q parameter. The issue allows injection of arbitrary web script/HTML, with the impact described as partial integrity compromise and low confidentiality impact in CVSS terms. No precise exploit details are provided...
Weblication CMS Core & Grid '/grid5/scripts/' module cross-site scripting vulnerability
Weblication CMS Core & Grid is a content management system (CMS) that supports drag-and-drop website creation. A cross-site scripting vulnerability exists in the wFilemanager.php and index.php files of the '/grid5/scripts/' module in Weblication CMS Core & Grid version 12.6.24. A remote attacker ca...
OpenSID Cross-Site Request Forgery Vulnerability
OpenSID is a village information management system developed by the SID community. A cross-site request forgery vulnerability exists in index.php/manuser/insert URI in OpenSID version 18.06-pasca, which can be exploited by an attacker to add an administrator-level account...
torontohealthprofiles.ca XSS vulnerability
Open Bug Bounty ID: OBB-639591

Description | Value
---|---
Affected Website: | torontohealthprofiles.ca
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

CVE-2018-13039
OpenSID 18.06-pasca has reflected Cross Site Scripting (XSS) via the cari parameter, aka an index.php/first?cari= URI...
CVE-2018-13040
OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account at the admin level via the index.php/manuser/insert URI...
CVE-2018-13002
An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the wFilemanager.php and index.php files of the /grid5/scripts/ modules. The injection point is located in the Project Title and the execution point occurs in the Inhaltsprojekt...
CVE-2018-13010
WSTMall v1.9.1_170316 is affected by a Cross-Site Request Forgery (CSRF) that can be exploited via the URL index.php?m=Admin&c=Users&a=edit to add a user account. The CVE-2018-13010 entry is corroborated by multiple sources (NVD entry and CNVD/Red Hat/PRION mirrors) describing CSRF to create new ...
Arbitrary file deletion
GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI...
CVE-2018-12988
GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI...
CVE-2018-12971
EasyCMS 1.3 is affected by a CSRF vulnerability that allows deleting users via the index.php?s=/admin/user/delAll URI. Multiple sources (NVD/NVD-derived entries, CVE lists, CNVD) corroborate that this is a CSRF flaw targeting the admin user deletion endpoint. The exact impact is deletion of users...