37 matches found
CVE-2024-32746
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the MENU parameter under the Menu module...
Webpushr < 4.35.0 - LFI via CSRF
Description: The plugin does not have a CSRF check in its wppsavesettings function, and does not validate the menu parameter, allowing attackers to make logged in users admins perform LFI attacks via CSRF...
WordPress Plugin Advanced Menu Widget Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
D-Link DAP-2020 Security Vulnerability
The D-Link DAP-2020 is a wireless N access point. The D-Link DAP-2020 has a stack buffer overflow vulnerability caused by incorrect boundary checking of the var:menu parameter in the webproc endpoint, which could be exploited by an attacker to cause a buffer overflow and execute...
CVE-2020-12669
core/getmenudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter...
UBUNTU-CVE-2020-12669
core/getmenudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter...
Cagintranet Networks GetSimple CMS Cross-Site Scripting Vulnerability (CNVD-2019-00386)
Cagintranet Networks GetSimple CMS is an XML-based content management system (CMS) from Cagintranet Networks, USA. The system includes a theme selector and editor, component editor, image and file managers, and more. A cross-site scripting vulnerability exists in Cagintranet Networks GetSimple CMS...
Zomato Clone Script SQL Injection Vulnerability
Zomato Clone Script is a clone script. A SQL injection vulnerability exists in the restaurant-menu.php resid parameter of Zomato Clone Script, which can be exploited by an attacker to access or modify database data...
parcol.com XSS vulnerability
Vulnerable URL: http://parcol.com/index.asp?menu=1"...
SQL injection
SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter...
CVE-2009-2330
Cross-site scripting (XSS) vulnerability in admin/adminmenu.php in CMS Chainuk 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter...
SQL injection
SQL injection vulnerability in home.html in Xpoze Pro 4.10 allows remote attackers to execute arbitrary SQL commands via the menu parameter...
Directory traversal
Directory traversal vulnerability in index.php in witshare 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the menu parameter...
WitShare 0.9 (index.php menu) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications. WitShare 0.9 index.php menu Local File Inclusion Vulnerability...
PT-2006-7341 · Unknown · Phpprofiles
Name of the Vulnerable Software and Affected Versions: phpProfiles versions 3.1.2b and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter to various PHP files, including "include/body.inc.php" and "include/body admin.inc.php", or a...
CVE-2006-3151
Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD (aka ACID) 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter...