24 matches found
CVE-2019-25744
WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the posttitle parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payloads...
CVE-2019-25744
The CVE-2019-25744 entry concerns WordPress Popup Builder 3.49, which is vulnerable to a persistent cross-site scripting (XSS) flaw. The affected component is the post_title parameter, where an attacker can break out of option tags and craft POST requests to the post.php endpoint with a script pa...
CVE-2026-10806 mjperpinosa stumasy add_post.php unrestricted upload
A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/addpost.php. Performing a manipulation of the argument upfiletopost results in unrestricted upload. The attack may be initiated remotely. The exploit has been...
EUVD-2021-34786
Ultimate Product Catalog 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Attackers can submit POST requests to post.php with HTML/JavaScript payloads in the price field to execute arbitrary cod...
CVE-2026-6202 code-projects Easy Blog Site post.php sql injection
A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be use...
CVE-2026-6202
A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be use...
CVE-2026-6202
The vulnerability CVE-2026-6202 affects code-projects Easy Blog Site 1.0. It targets the file post.php, where manipulation of the tags argument leads to a SQL injection via an unknown function. The attack can be initiated remotely, and the exploit has been released publicly. No remediation detail...
EUVD-2019-20083
CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send GET requests to post.php with malicious 'post' values to extract sensitive database information or perfor...
CVE-2026-4573
A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part of the file /includes/formhandlers/deletepost.php of the component HTTP GET Parameter Handler. The manipulation of the argument postid leads to sql injection. It is possible to...
PT-2026-27050
Name of the Vulnerable Software and Affected Versions SourceCodester Simple E-learning System version 1.0 Description A security issue exists in SourceCodester Simple E-learning System 1.0. The issue is related to SQL injection within the /includes/form handlers/delete post.php file, specifically...
CVE-2026-2083 code-projects Social Networking Site delete_post.php sql injection
A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file /deletepost.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to th...
CVE-2020-37076
Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...
CVE-2020-37076
Victor CMS 1.0 is affected by a SQL injection in the post parameter of post.php. The vulnerability allows remote attackers to manipulate database queries using crafted UNION SELECT payloads to extract information via boolean-based, error-based, and time-based techniques. Reported across multiple ...
CVE-2025-15457 bg5sbk MiniCMS Trash File Restore post.php improper authentication
A vulnerability was found in bg5sbk MiniCMS up to 1.8. The impacted element is an unknown function of the file /minicms/mc-admin/post.php of the component Trash File Restore Handler. Performing a manipulation results in improper authentication. It is possible to initiate the attack remotely. The...
EUVD-2025-204540
A weakness has been identified in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /deletepost.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to t...
CVE-2024-7162
A vulnerability, which was classified as problematic, has been found in SeaCMS 12.9/13.0. Affected by this issue is some unknown functionality of the file js/player/dmplayer/admin/post.php?act=setting. The manipulation of the argument yzm leads to cross site scripting. The attack may be launched...
Automad Code Injection Vulnerability
Automad is a flat file content management system and template engine by Marc Anton Dahmen, an individual developer. A code injection vulnerability exists in Automad 1.10.9 and earlier versions, which stems from a stored cross-site scripting XSS vulnerability in the parameter sitename of the file...
PT-2022-24166 · WordPress · Events Calendar Plugin
Name of the Vulnerable Software and Affected Versions: Events Calendar Plugin affected versions not specified Description: A vulnerability was found in the Events Calendar Plugin, affecting the file post.php of the component Event Handler. The manipulation of the title and body arguments leads to...
CVE-2022-28524
ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.php...
CVE-2022-28524
ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.php...