67 matches found
CVE-2018-20561
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter...
CVE-2018-20562
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/articlecategory.php?rec=update has XSS via the catname parameter...
iCMS Cross-Site Request Forgery Vulnerability
iCMS is a content management system (CMS) built with PHP and MySQL. A cross-site request forgery vulnerability exists in iCMS version 7.0.9, which remote attackers can exploit via the admincp.php?app=article&do=update page to make administrators review and approve any...
CVE-2018-15566
tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter...
TUTUCMS system admin\Article.php page order parameter has SQL injection vulnerability
TUTUCMS is a CMS management program focused on the development of image-based websites, built on a PHP+MySQL architecture, that can run on different platforms (Windows, Linux, Unix). A SQL injection vulnerability exists in the order parameter of the admin\Article.php page of the TUTUCMS system...
TUTUCMS system admin\Article.php page by parameter has SQL injection vulnerability
TUTUCMS is a CMS management program developed for image-based websites. A SQL injection vulnerability exists in the admin\Article.php page of the TUTUCMS system. The lack of filtering of the 'by' parameter allows an attacker to exploit the vulnerability to obtain sensitive information from the...
CVE-2010-1995
Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with "Add new article" privileges, to inject arbitrary web script or HTML via the (1) title, (2) subTitle, and (3) author parameters in conjunction with a /admin/news/article/add...