110 matches found
Code-Projects Exam Form Submission 注入漏洞
Code-Projects Exam Form Submission is an open source exam form from Code-Projects. An injection vulnerability exists in Code-Projects Exam Form Submission version 1.0, which stems from SQL injection due to incorrect manipulation of the parameter email in the file /admin/...
News Portal /forgot-password.php File SQL Injection Vulnerability
News Portal is a news portal. News Portal suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Username in the file /admin/forgot-password.php. An attacker can exploit this vulnerability to execute illegal SQL...
News Portal Project /contactus.php File SQL Injection Vulnerability
News Portal Project is a news portal project. News Portal Project suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter pagetitle in the file /admin/contactus.php. An attacker can exploit this vulnerability to...
Lecms 代码注入漏洞
Lecms is a ten million large data bearing web content management system developed by Lecms Inc. in PHP language. A code injection vulnerability exists in Lecms 3.0.3 and earlier versions, which stems from a cross-site scripting issue with the Edit Profile component in files/admin...
BIT-OPENCART-2024-21516
This affects versions of the package opencart/opencart from 4.0.0.0 and before 4.1.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The...
GHSA-PQHQ-77PW-763C Cross site scripting in opencart
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompte...
Cross site scripting in opencart
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompte...
CVE-2024-21515
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login a...
PT-2024-18929 · Opencart · Opencart
Name of the Vulnerable Software and Affected Versions: opencart/opencart versions 4.0.0.0 through 4.1.0.0 Description: A reflected XSS issue was identified in the directory parameter of the admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click ...
Reflected Cross-site Scripting
Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to Reflected Cross-site Scripting. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the...
Reflected Cross-site Scripting
Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to Reflected Cross-site Scripting. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to clic...
CVE-2024-5045
A vulnerability was found in SourceCodester Online Birth Certificate Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit...
PT-2024-18427 · Ctcms · Ctcms
Name of the Vulnerable Software and Affected Versions: Ctcms version 2.1.2 Description: A critical issue has been identified, affecting the file ctcms/apps/controllers/admin/Upsys.php, which leads to unrestricted upload. The attack can be initiated remotely, with a rather high complexity, making...
SourceCodester Complete File Management System SQL Injection Vulnerability
Complete File Management System is a file management system by nelzkie15 Personal Developer. A SQL injection vulnerability exists in SourceCodester Complete File Management System version 1.0, which originates from a SQL injection vulnerability in the file /admin/ of the component admin Login For...
CVE-2023-7126
A vulnerability classified as critical has been found in code-projects Automated Voting System 1.0. This affects an unknown part of the file /admin/ of the component Admin Login. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may...
PT-2023-32899 · Unknown · Code-Projects Client Details System
Name of the Vulnerable Software and Affected Versions: code-projects Client Details System version 1.0 Description: A critical issue was found in the HTTP POST Request Handler component, affecting an unknown part of the file /admin. The manipulation of the username argument leads to SQL injection...
CVE-2023-50692
File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the downloadurl parameter in the app/admin/exts/ directory...
SUSE CVE-2017-12419
If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide, and the MySQL client has a localinfile setting enabled in php.ini...
CVE-2022-28010
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\overtimedelete.php...
The vulnerability of the Synergia operating system, related to errors in access control policies of SELinux, allows a perpetrator to gain access to view and copy files from the admin directory.
The vulnerability of the Synergia operating system is related to errors in access control policies set by SELinux. Exploiting this vulnerability could allow an attacker to gain read access to files located in the directory belonging to highly privileged users...