273 matches found
glpi -- Unauthenticated Stored XSS
MITRE Corporation reports: In GLPI before version 9.5.2, the install/install.php endpoint insecurely stores user input into the database as urlbase and urlbaseapi. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure...
Drupal 8.7.x < 8.7.11 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities: - The Drupal project uses the third-party library ArchiveTar, which has released a security update that impacts some Drupal configurations. Multiple vulnerabilities are possibl...
Drupal 7.x < 7.69 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities: - The Drupal project uses the third-party library ArchiveTar, which has released a security update that impacts some Drupal configurations. Multiple vulnerabilities are possibl...
Drupal 7.0.x < 7.69 / 8.7.x < 8.7.11 / 8.8.x < 8.8.1 Multiple Vulnerabilities (drupal-2019-12-18)
According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.69, 8.7.x prior to 8.7.11, or 8.8.x prior to 8.8.1. It is, therefore, affected by multiple vulnerabilities. - The Drupal project uses the third-party library ArchiveTar, which has...
DRUPAL-CORE-2019-009
A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are rebuilt...
Drupal core - Moderately critical - Denial of Service - SA-CORE-2019-009
A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are rebuilt...
Missing warning can lead to unauthenticated admin access in SilverStripe
In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access...
GHSA-CG8J-8W52-735V Missing warning can lead to unauthenticated admin access in SilverStripe
In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access...
CVE-2019-12204
In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access...
CVE-2019-12204: Missing warning on install.php on public webroot can lead to unauthenticated admin access
More info at https://www.silverstripe.org/download/security-releases/cve-2019-12204/...
CVE-2019-16314
Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2...
CVE-2019-16314
Indexhibit 2.1.5 is vulnerable to remote code execution via the installer, exposed through /ndxzstudio/install.php?p=2. The vulnerability is documented in multiple sources (NVD, CNVD, Red Hat) with the same description, indicating that a product reinstallation can be abused to execute code remote...
osTicket 1.12 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: osTicket-v1.12 Stored XSS Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Exploit Author: Aishwarya Iyer Contact: https://twitter.com/aish9524 Website: https://about.me/aishiyer Category:...
Cross site scripting
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the...
CVE-2019-14746
An issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php dbname parameter and then making a config.php request...
Design/Logic Flaw
An issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php dbname parameter and then making a config.php request...
CVE-2013-7466
Simple Machines Forum SMF 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the dbtype parameter if install.php remains present after installation...
CVE-2013-7466
CVE-2013-7466 affects Simple Machines Forum (SMF) 2.0.4. The issue is a local file inclusion vulnerability in install.php that can execute remote code via an ../ directory traversal in the db_type parameter if install.php remains after installation. This is documented to enable remote code execut...
Design/Logic Flaw
Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request...
CVE-2019-7720
taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php dbname parameter and then making a config.php request...