170 matches found
CVE-2019-3827
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running unde...
DhCms Cross-Site Scripting Vulnerability
DhCms Dinghua Cloud CMS is a content management system based on PHP and MySQL. A cross-site scripting vulnerability exists in the admin.php?r=admin/Index/index backend in DhCms 2017-09-18 and earlier versions. A remote attacker can exploit this vulnerability to obtain cookie information...
CVE-2019-3827
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running unde...
Code Execution Vulnerability in Knight CMS Admin Backend
74cms Knight CMS is a PHP-based open source professional talent system. Knight CMS management background code execution vulnerabilities, attackers can use the vulnerability to obtain control of the web server...
phpMyFAQ <= 2.9.10 Multiple Vulnerabilities
phpMyFAQ is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyfaq:phpmyfaq"; if description...
CVE-2018-16651
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports...
Design/Logic Flaw
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports...
CVE-2018-16651
The CVE-2018-16651 entry applies to phpMyFAQ (admin backend) before version 2.9.11, where CSV injection in reports is possible due to insufficient sanitization of report content. The vulnerability is reflected with a HIGH CVSS score (3.0: 7.2; 2.0: 9.0) and can impact multiple CIA aspects as defi...
CVE-2018-16651
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports...
phpMyFAQ Cross-Site Request Forgery Vulnerability (CNVD-2019-07200)
phpMyFAQ is phpMyFAQ team developed a set of open source fully database-driven FAQ question and answer system . The system supports multiple languages, multiple databases, etc., and includes modules such as content management system and community. A cross-site request forgery vulnerability exists...
phpMyFAQ CSV Injection Vulnerability
phpMyFAQ is phpMyFAQ team developed a set of open source fully database-driven FAQ question and answer system . The system supports multiple languages, multiple databases, etc., and includes modules such as content management system and community. A CSV injection vulnerability exists in the admin...
Override Access Vulnerability in SiteServer CMS Administration Backend
SiteServer CMS is a web content management system developed by Beijing Billion Software Technology Development Co. A vulnerability exists in the management background of SiteServer CMS. The vulnerability is due to the background access control using JWT technology for identity authentication, HTT...
javapms admin backend template injection code execution vulnerability
JAVAPMS is a JAVA Portal Management System JAVA Portal Management System for short, SpringMVC + Spring + Hibernate + Freemarker + Html5 + jQuery for the technical core architecture, for the majority of webmasters, software developers, program enthusiasts, web page designers, for individual...
Piwigo SQL Injection Vulnerability
Piwigo is a web-based photo album software from the Piwigo team. The software supports photo publishing, management, multiple browsing options categories, tags, time and more. A SQL injection vulnerability exists in the administrative backend of Piwigo 2.9.1 and previous versions. A remote attack...
DedeCMS stored xss vulnerability
Vulnerability description: Dedecms is an open source PHP open source website management system. Dedecms member function shopsdelivery. in php des parameters there is stored XSS vulnerability, the attacker may exploit the vulnerability to obtain the users cookie. Test environment: DedeCMS-V5...
Jobberbase 2.0 - Multiple Vulnerabilities
Exploit for php platform in category web applications Jobberbase: http://www.jobberbase.com/ Version: 2.0 By Ross Marks: http://www.rossmarks.co.uk 1 Local path disclosure - change any variable to an array and in most cases it will tell you the local path where the application is installed eg...
Reflective XSS Vulnerability in EasyCMS Enterprise Marketing Management System Administration Backend
EasyCMS is a web content management system based on PHP+Mysql architecture. A reflective XSS vulnerability exists in the administration backend of the EasyCMS enterprise marketing management system, which can be exploited by an attacker to submit data with js code on the personal information page...
Liferay Portal 6.2 EE SP13 Cross Site Scripting
Hey guys, during a penatrationtest I have found an unknown persistent xss in liferay portal backend. General Information Manufacture description: Liferay Portal is an enterprise-web-platform for the development of business solutions, which provides quick results and long-term values. Details ·...
CVE-2015-2149
Multiple cross-site scripting XSS vulnerabilities in the administrative backend in MyBB aka MyBulletinBoard before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the 1 MIME-type field in an add action in the config-attachmenttypes module to admin/index.php; 2...
CVE-2015-2183
ZeusCart 4 (open source PHP/MySQL e‑commerce) is affected by multiple SQL injection vulnerabilities in the administrative backend. The flaws allow remote administrators to inject arbitrary SQL via the id parameter in disporders detail or subadminmgt edit actions, or via the cid parameter in editc...