26 matches found
CVE-2026-10806
A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/addpost.php. Performing a manipulation of the argument upfiletopost results in unrestricted upload. The attack may be initiated remotely. The exploit has been...
CVE-2026-10806 mjperpinosa stumasy add_post.php unrestricted upload
A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/addpost.php. Performing a manipulation of the argument upfiletopost results in unrestricted upload. The attack may be initiated remotely. The exploit has been...
EUVD-2022-48896
Malicious code in bioql PyPI...
EUVD-2022-31851
Malicious code in bioql PyPI...
EUVD-2022-31602
Malicious code in bioql PyPI...
CVE-2024-33442
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the addpost.php component...
CVE-2022-46058
AeroCMS v0.0.1 was discovered to contain a cross-site scripting XSS vulnerability via addpost.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field...
CVE-2024-33442
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the addpost.php component...
CVE-2024-33442
CVE-2024-33442 affects flusity-CMS v.2.33. The issue is a remote code execution vulnerability via the add_post.php component. The vulnerability is described across multiple sources (Red Hat, NVD, osv.dev, CVE lists) with a CVSS v3.1 base score of 4.3 (Medium), network attack vector, low attack co...
CVE-2024-33442
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the addpost.php component...
CVE-2022-46058
AeroCMS v0.0.1 was discovered to contain a cross-site scripting XSS vulnerability via addpost.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field...
CVE-2022-46058
AeroCMS v0.0.1 was discovered to contain a cross-site scripting XSS vulnerability via addpost.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field...
Cross site scripting
AeroCMS v0.0.1 was discovered to contain a cross-site scripting XSS vulnerability via addpost.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field...
CVE-2022-46058
AeroCMS v0.0.1 was discovered to contain a cross-site scripting XSS vulnerability via addpost.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field...
CVE-2022-46058
AeroCMS v0.0.1 was discovered to contain a cross-site scripting XSS vulnerability via addpost.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field...
CVE-2022-46058
CVE-2022-46058 affects AeroCMS v0.0.1, with a cross-site scripting (XSS) vulnerability exploitable via add_post.php. The issue allows an attacker to inject a crafted payload into the Comments text field to execute arbitrary web scripts or HTML. This is documented across multiple sources (NVD, RH ...
Sql injection
elitecms 1.01 is vulnerable to SQL Injection via /admin/addpost.php...
CVE-2022-30813
CVE-2022-30813 affects elitecms 1.01 and is caused by a lack of input validation on the /admin/add_post.php page, enabling SQL Injection. Multiple connected sources corroborate the vulnerability and affected product/version. The NVD and other records assign a high/critical impact (CVSS v3.1: 9.8,...
CVE-2022-27062
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting XSS vulnerability via addpost.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field...
CVE-2022-27062
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting XSS vulnerability via addpost.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field...