CVE-2025-61930 Emlog Pro has CSRF issue that Enables Admin Password Reset

Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery CSRF on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without...

CVE-2025-53923 Emlog vulnerable to reflected Cross-site Scripting in admin panel

Emlog is an open source website building system. A cross-site scripting XSS vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. Due to lack of sanitization it is possible to inject HTML/JS code into keywor...

115cms 代码注入漏洞

115cms is a multi-module intelligent website building system of Guizhou Forxin Technology 115cms Company in China. 115cms suffers from a cross-site scripting vulnerability that can be exploited by attackers to inject malicious scripts into web pages for execution in other users' browsers...

Authentication flaw

A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Affected by this vulnerability is the function dmlogin of the file indexDMload.php of the component Cookie Handler. The manipulation of the argument isadmin with the input y...

CVE-2024-1817 Demososo DM Enterprise Website Building System Cookie indexDM_load.php dmlogin improper authentication

A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Affected by this vulnerability is the function dmlogin of the file indexDMload.php of the component Cookie Handler. The manipulation of the argument isadmin with the input y...

CVE-2024-1817

The CVE-2024-1817 entry concerns Demososo DM Enterprise Website Building System (versions up to 2022.8) with a Cookie Handler flaw in function dmlogin (indexDM_load.php). The root cause is improper authentication due to manipulating the is_admin argument (input y), allowing remote exploitation. P...

Demososo DM Enterprise Website Building System License Issues Vulnerability

Demososo DM Enterprise Website Building System is a system website of Demososo Inc. An authorization issue vulnerability exists in Demososo DM Enterprise Website Building System version 2022.8 and earlier, which stems from a security issue in the dmlogin function of indexDMload.php in the compone...

ForU CMS SQL注入漏洞

ForU CMS is ForU open source a website building system . ForU CMS 2020-06-23 and earlier versions suffer from a SQL injection vulnerability that can be exploited by attackers to obtain sensitive database data...

Beijing UpCloud Technology Development Co., Ltd. website building system has SQL injection vulnerability

Beijing UpCloud Technology Development Co., Ltd. was established on July 30, 2009. The company's business scope includes: technology promotion services; economic trade consulting; computer graphic design; advertising design, production; enterprise planning; software development, etc. Ltd. has a S...

File upload vulnerability exists in the website building system of Hangzhou Bocai Network Technology Co.

Ltd. is an innovative company that provides comprehensive digital services including strategy consulting, visual design, technology development, content manufacturing and marketing. There is a file upload vulnerability in the website building system of Hangzhou Bocai Network Technology Co...

SQL Injection Vulnerability in Website Building System of Siltronic Technology Limited (CNVD-2022-41797)

Siltronic is a company dedicated to the cause of disaster prevention and mitigation in China, providing the government with comprehensive solutions for disaster prevention and mitigation informatization. A SQL injection vulnerability exists in the website builder system of Siltronic Technology...

SQL Injection Vulnerability in Website Building System of Siltronic Technology Limited (CNVD-2022-25679)

Siltronic is a company dedicated to the cause of disaster prevention and mitigation in China, providing the government with comprehensive solutions for disaster prevention and mitigation informatization. A SQL injection vulnerability exists in the website builder system of Siltronic Technology...

SQL Injection Vulnerability in the Website Building System of Jereh Information Business Limited

Jereh Information Business Limited is a company that has completed thousands of corporate websites, e-commerce websites, event websites, as well as a variety of function-specific programs and apps for thousands of companies and organizations. A SQL injection vulnerability exists in the website...

MipCMS server-side request forgery vulnerability

MipCMS is an application software. A content management system based on Baidu Mobile Accelerator MIP and an SEO website building system. mipCMS 5.0.1 has a server-side request forgery vulnerability that can be exploited by attackers to access sensitive information...

Shaanxi Silicon Peak Network Technology Co., Ltd. website building system has file upload vulnerability

Shaanxi Silicon Peak Network Technology Co., Ltd. was founded in 2007 is a "website design, software development, microblogging, Internet marketing, e-commerce" and other integrated information technology services in one of the high-end brand IT organizations. Shaanxi Silicon Peak Network...

MipCMS 代码问题漏洞

MipCMS is an application software. A content management system based on Baidu Mobile Accelerator MIP and an SEO website building system. mipCMS 5.0.1 has a server-side request forgery vulnerability that can be exploited by attackers to access sensitive information...

Nantong Runbang Network Technology Co., Ltd. website building system has SQL injection vulnerabilities

Nantong Runbang Network Technology Co., Ltd. is a company dedicated to providing in-depth and rich interactive solutions for Internet companies and brand markets. There is a SQL injection vulnerability in the website building system of Nantong Runbang Network Technology Co., Ltd, which can be...

SQL Injection Vulnerability in YimaoAdmin (CNVD-2021-46690)

YimaoAdmin is a website builder. YimaoAdmin suffers from a SQL injection vulnerability that can be exploited by attackers to obtain sensitive database information...

XSS Vulnerability in the Website Building System of Beijing Bolehoo Technology Co.

Beijing Bleihoo Technology Co., Ltd. is a planning, design, production, technology development in one of the oldest website building company. There is an XSS vulnerability in the website builder system of Beijing Bleihoo Technology Co., Ltd, which can be exploited by attackers to obtain sensitive...

SQL injection vulnerability in website building system of Suzhou Ernst Network Technology Co.

Suzhou Ernst Network Technology Co., Ltd. is a marketing plan, providing medium and high-end website design, graphic design, program development and network marketing and with Suzhou Topps Network Technology Co. Suzhou Ernst Network Technology Co., Ltd. building system there are SQL injection...