CVE-2019-25491

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to the admin/cmsgetpagetitle.php endpoint with malicious catid values to extract sensitive...

CVE-2019-25492

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requests to the admin/getcmsdata.php endpoint with malicious 'pt' values to extract sensitive database...

PT-2026-22359

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to the admin/cms getpagetitle.php endpoint with malicious catid values to extract sensitive...

CVE-2025-13181

A vulnerability was determined in pojoin h3blog 1.0. The affected element is an unknown function of the file /admin/cms/material/add. Executing a manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclos...

EUVD-2025-197646

A vulnerability was determined in pojoin h3blog 1.0. The affected element is an unknown function of the file /admin/cms/material/add. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed...

PT-2025-47003

Name of the Vulnerable Software and Affected Versions pojoin h3blog version 1.0 Description A flaw exists in pojoin h3blog version 1.0 where manipulation of the Name argument in an unknown function within the file '/admin/cms/material/add' can lead to cross site scripting. This issue is potential...

EUVD-2008-6694

Malware in sbrugna...

PT-2025-16252 · Unknown · Fannuo Enterprise Content Management System

Name of the Vulnerable Software and Affected Versions: Fannuo Enterprise Content Management System versions 1.1 through 4.0 Description: A critical issue has been found in the Fannuo Enterprise Content Management System, affecting unknown code in the file admin/cms chip.php. The manipulation of t...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the Page Title field of the /admin/cms/pagecontent/ endpoint due to improper user input sanitization. By submitting crafted input, an attacker can inject malicious scripts that are executed in the browse...

PT-2024-28914 · Publiccms · Publiccms

Name of the Vulnerable Software and Affected Versions: PublicCMS version 4.0.202302.e Description: The issue is related to an arbitrary file upload vulnerability in the /admin/cmsTemplate/savePlace component. This allows attackers to execute arbitrary code by uploading a crafted file...

Hindu Matrimonial Script 安全漏洞

Hindu Matrimonial Script is an online marriage service website of PHP Matrimonial Script India. Hindu Matrimonial Script has a security vulnerability, which originates from improper privilege management in /admin/cms.php, no details of the vulnerability are available at this time...

File Upload Vulnerability in FH Admin CMS of Shandong Aife Information Technology Co.

FH Admin is currently the mainstream java rapid development platform. Ltd. FH Admin CMS file upload vulnerability, an attacker can use the vulnerability to obtain control of the web server...

CVE-2019-16706

kkcms v1.3 has a CSRF vulnerablity that can add an user account via admin/cmsuseradd.php...

CVE-2018-12494

An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI...

KV Site Admin CMS 3.0 SQL injection Vulnerability

Exploit for php platform in category web applications Exploit Title : KV Site Admin CMS 3.0 SQL injection Vulnerability Exploit Author : xBADGIRL21 Dork : e.World Technology Ltd. All rights reserved "Admin Area - Version 3.0" Version: 3.0 MyBlog: http://xbadgirl21.blogspot.com Tested on: BackBox...

KV Site Admin CMS 3.0 SQL Injection

Exploit Title : KV Site Admin CMS 3.0 SQL injection Vulnerability Exploit Author : xBADGIRL21 Dork : e.World Technology Ltd. All rights reserved "Admin Area - Version 3.0" Version: 3.0 MyBlog: http://xbadgirl21.blogspot.com Tested on: BackBox skype:xbadgirl21 Video Proof :...

CVE-2008-6734

Directory traversal vulnerability in Public/index.php in Keller Web Admin CMS 0.94 Pro allows remote attackers to include and execute arbitrary local files via a .. dot dot in the action parameter...

Directory traversal

Directory traversal vulnerability in Public/index.php in Keller Web Admin CMS 0.94 Pro allows remote attackers to include and execute arbitrary local files via a .. dot dot in the action parameter...

CVE-2008-6734

CVE-2008-6734 affects Keller Web Admin CMS 0.94 Pro. A directory traversal vulnerability exists in Public/index.php that lets an attacker cause local file inclusion via a .. in the action parameter, potentially enabling arbitrary code execution. The linked records confirm the issue and affected c...

CVE-2008-6734

Directory traversal vulnerability in Public/index.php in Keller Web Admin CMS 0.94 Pro allows remote attackers to include and execute arbitrary local files via a .. dot dot in the action parameter...