CVE-2026-5333 DefaultFuction Content-Management-System tools.php command injection

A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue affects some unknown processing of the file /admin/tools.php. The manipulation of the argument host results in command injection. The attack can be executed remotely. The exploit has been released to t...

CVE-2026-5333 DefaultFuction Content-Management-System tools.php command injection

A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue affects some unknown processing of the file /admin/tools.php. The manipulation of the argument host results in command injection. The attack can be executed remotely. The exploit has been released to t...

CVE-2026-5333

CVE-2026-5333 affects DefaultFuction Content-Management-System 1.0. The issue is a command-injection vulnerability caused by manipulation of the host argument in the file /admin/tools.php. It can be exploited remotely. The connected sources consistently describe the vulnerability as affecting thi...

EUVD-2015-9241

Malware in sbrugna...

CVE-2024-36626

In prestashop 8.1.4, a NULL pointer dereference was identified in the mathround function within Tools.php...

NULL Pointer Dereference

PrestaShop is vulnerable to a NULL pointer dereference. The vulnerability is due to improper handling of NULL values in the mathround function within Tools.php, leading to a NULL pointer dereference. Attackers can exploit this to crash the application or potentially cause a denial of service...

CVE-2024-36626

In prestashop 8.1.4, a NULL pointer dereference was identified in the mathround function within Tools.php...

CVE-2024-36626

In prestashop 8.1.4, a NULL pointer dereference was identified in the mathround function within Tools.php...

PrestaShop 安全漏洞

PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop version 8.1.4, which stems from a NULL pointer dereference in the...

PT-2024-27102

Name of the Vulnerable Software and Affected Versions: Prestashop version 8.1.4 Description: A NULL pointer dereference was identified in the math round function within Tools.php. Recommendations: For Prestashop version 8.1.4, consider disabling the math round function within Tools.php until a...

CVE-2024-36626

In prestashop 8.1.4, a NULL pointer dereference was identified in the mathround function within Tools.php...

CVE-2021-39413

Multiple Cross Site Scripting XSS vulnerabilities exits in SEO Panel v4.8.0 via the 1 totime parameter in a backlinks.php, b analytics.php, c log.php, d overview.php, e pagespeed.php, f rank.php, g review.php, h saturationchecker.php, i socialmedia.php, and j reports.php; the 2 fromtime parameter...

CVE-2021-39413

Multiple Cross Site Scripting XSS vulnerabilities exits in SEO Panel v4.8.0 via the 1 totime parameter in a backlinks.php, b analytics.php, c log.php, d overview.php, e pagespeed.php, f rank.php, g review.php, h saturationchecker.php, i socialmedia.php, and j reports.php; the 2 fromtime parameter...

WP Fusion Lite < 3.37.31 - Reflected Cross-Site Scripting (XSS)

The plugin does not escape the startdate and enddate parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting issue. This is due to an incorrect fix of CVE-2021-34660 https://wpscan.com/vulnerability/4a4934d6-282d-4e8c-922a-6b1f12884191...

Database Backup for WordPress < 2.4 - Authenticated Persistent Cross-Site Scripting (XSS)

The plugin did not escape the backuprecipient POST parameter in before output it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue. POST /wp-admin/tools.php?page=wp-db-backup HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 Content-Type:...

CVE-2015-9398

The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection...

Cross site scripting

The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php editstyle id XSS...

CVE-2017-18603

The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postmanemaillog page parameter...

CVE-2018-7491

In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead to state-changing impact in the context of a user or an admin, because the generateHtaccess function in classes/Tools.php sets neither X-Frame-Options nor 'Content-Security-Policy "frame-ancestors'...

CVE-2018-7491

In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead to state-changing impact in the context of a user or an admin, because the generateHtaccess function in classes/Tools.php sets neither X-Frame-Options nor 'Content-Security-Policy "frame-ancestors'...