CVE-2022-40446

ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=...

CVE-2022-40446

ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=...

CVE-2022-40446

ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=...

Cross site scripting

Inout Blockchain AltExchanger v1.2.1 was discovered to contain a cross-site scripting XSS vulnerability via the component /admin/js...

Attendance and Payroll System SQL注入漏洞

Attendance and Payroll System is an attendance and payroll system using PHP/MySQLi source code from oretnom23 individual developers. version v1.0 of Attendance and Payroll System is vulnerable to SQL injection, which originates from the component adminattendancedelete.php lacks validation for...

CVE-2022-28011

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\scheduledelete.php...

CVE-2022-28015

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\cashadvanceedit.php...

CVE-2022-28014

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\attendanceedit.php...

Remote code execution

Victor v1.0 was discovered to contain a remote code execution RCE vulnerability via the component admin/profile.php?section=admin...

Sql injection

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\attendancedelete.php...

CVE-2022-27478

Victor v1.0 was discovered to contain a remote code execution RCE vulnerability via the component admin/profile.php?section=admin...

Qibosoft Cross-Site Scripting Vulnerability

Qibosoft qibosoft is a content management system CMS from Qibosoft, China. qibosoft has a cross-site scripting vulnerability that originates in the /admin/index.php?lfj=friendlink & action=add link of the admin component of the product. The vulnerability is caused by the...

CVE-2020-20946

Qibosoft v7 contains a stored cross-site scripting XSS vulnerability in the component /admin/index.php?lfj=friendlink&action=add...

CVE-2021-2474

Vulnerability in the Oracle Web Analytics product of Oracle E-Business Suite component: Admin. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Analytics. Successful attack...

CVE-2020-21505

waimai Super Cms 20150505 contains a cross-site scripting XSS vulnerability in the component /admin.php/Link/addsave...

CVE-2020-21506

waimai Super Cms 20150505 contains a cross-site scripting XSS vulnerability in the component /admin.php?m=Config&a=add...

CVE-2020-19158

Cross Site Scripting XSS in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin//app/config/'...

CVE-2020-20981

A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information...

CVE-2020-36396

A stored cross site scripting XSS vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter...

CVE-2020-36397

A stored cross site scripting XSS vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter...