CVE-2018-12988
GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI...
Design/Logic Flaw
joyplus-cms 1.6.0 has XSS in adminplayer.php, related to manager/index.php "system manage" and "add" actions...
CVE-2018-12905
joyplus-cms 1.6.0 has XSS in adminplayer.php, related to manager/index.php "system manage" and "add" actions...
CVE-2018-12658
Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in SLiMS 8 Akasia 8.3.1 via an admin/modules/stocktake/index.php?keywords= URI...
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion Vulnerability
Exploit for php platform in category web applications. The latest version downloaded from the official website, the file name is phpMyAdmin-4.8.1-all-languages.zip. The problem appears in /index.php. Find 5563 lines. Line 61 contains include $_REQUEST['target']; This is obviously LFI precursor, as long ...
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (1)
phpMyAdmin 4.8.1 - Authenticated Local File Inclusion 1. The latest version downloaded from the official website, the file name is phpMyAdmin-4.8.1-all-languages.zip. The problem appears in /index.php. Find 5563 lines. Line 61 contains include $_REQUEST['target']; This is obviously LFI precursor, as lon...
crosshop.eu XSS vulnerability
Open Bug Bounty ID: OBB-634645

Description| Value
---|---
Affected Website:| crosshop.eu
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...
CVE-2018-12583
An issue was discovered in AKCMS 6.1. CSRF can delete an article via an admincp deleteitem action to index.php...
CVE-2018-12583
AKCMS 6.1 is affected by a cross-site request forgery (CSRF) that can delete articles via the admincp deleteitem action to index.php. The vulnerability is described in CVE-2018-12583 and corroborated by CNVD-2018-14261 and related records, which state an attacker could exploit CSRF to delete arti...
Sql injection
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/*!select*/" substring in place of a select substring...
CVE-2018-12039
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/*!select*/" substring in place of a select substring...
Cross site scripting
index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter...
CVE-2018-11735
index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter...
livrefoncier.fr XSS vulnerability
Open Bug Bounty ID: OBB-626506

Description| Value
---|---
Affected Website:| livrefoncier.fr
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Flexit
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...
GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin)
Exploit Title: GreenCMS v2.3.0603 CSRF vulnerability add admin Date: 2018-06-02 Exploit Author: xichao Vendor Homepage: https://github.com/GreenCMS/GreenCMS Software Link: https://github.com/GreenCMS/GreenCMS Version: v2.3.0603 CVE : CVE-2018-11671 An issue was discovered in GreenCMS v2.3.0603...
vehiculesutilitairesmag.com XSS vulnerability
Open Bug Bounty ID: OBB-625745

Description| Value
---|---
Affected Website:| vehiculesutilitairesmag.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...
Cross site request forgery (csrf)
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle...
CVE-2018-11671
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle...