20 matches found
CVE-2026-34358
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contains a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...
CVE-2026-3614 AcyMailing 9.11.0 - 10.8.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions From 9.11.0 up to, and including, 10.8.1 due to a missing capability check on the wpajaxacymailingrouter AJAX handler. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2026-3614 AcyMailing 9.11.0 - 10.8.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions From 9.11.0 up to, and including, 10.8.1 due to a missing capability check on the wpajaxacymailingrouter AJAX handler. This makes it possible for authenticated attackers, with Subscriber-level access and...
EUVD-2026-11399
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, an inverted boolean condition in ControllerRouter::route causes the admin/super ACL check to be enforced only for controllers that already have their own internal authorizati...
OpenEMR 安全漏洞
OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.1 contained security...
EUVD-2018-4865
Malware in sbrugna...
ftcms arbitrary file writing vulnerability
ftcms is a content management system from ftcms. ftcms version 2.1 and previous versions have an arbitrary file write vulnerability, which originates from the lack of valid file checksum in admin/controllers/tp.php and can be exploited by attackers to cause arbitrary file writes...
CVE-2022-30060
ftcms =2.1 was discovered to be vulnerable to Arbitrary File Write via admin/controllers/tp.php...
Code injection
ftcms =2.1 was discovered to be vulnerable to Arbitrary File Write via admin/controllers/tp.php...
CVE-2022-30060
CVE-2022-30060 affects ftcms (
ftcms 安全漏洞
ftcms is a content management system from ftcms. ftcms version 2.1 and previous versions have an arbitrary file write vulnerability, which originates from the lack of valid file checksum in admin/controllers/tp.php and can be exploited by attackers to cause arbitrary file writes...
nopCommerce Cross-Site Scripting Vulnerability
nopCommerce is a set of open source general e-commerce platform. nopCommerce 4.20 and earlier versions of PresentationNop.WebAreasAdminControllersNewsController.cs and PresentationNop. WebAreasAdminControllersBlogController.cs components have a cross-site scripting vulnerability in the...
CVE-2019-19682
nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/id Admin/Blog/BlogPostEdit/id. NOTE: the...
CVE-2019-16119
SQL injection in the photo-gallery 10Web Photo Gallery plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php albumid parameter...
CVE-2019-16118
Cross site scripting XSS in the photo-gallery 10Web Photo Gallery plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php...
ZOO by YOOtheme,3.3.33,SQL Injection
ZOO by YOOtheme,3.3.33,SQL Injection Fix SQL injection vulnerability in Admin Controllers new version number 3.3.34 Update Notice URL https://yootheme.com/support/zoo/changelog...
Sql injection
An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI...
CVE-2018-12912
An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI...
CVE-2018-12912
An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI...
CVE-2018-12912
HongCMS 3.0.0 contains a SQL Injection vulnerability in admin/controllers/database.php, exploitable via the request admin/index.php/database/operate?dbaction=emptytable&tablename= (URI). Public exploit/activity references show an authenticated/remote-exploit path using this parameter to inject SQ...