Pluck 跨站请求伪造漏洞

Pluck is a small and simple content management system CMS written in PHP. A cross-site request forgery vulnerability exists in Pluck version 4.7.10-dev2. An attacker can exploit this vulnerability to edit a page via /admin.php?action=editpage...

CVE-2020-19109

SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to adminedit.php, which could let a remote malicious user execute arbitrary code...

PHPGurukul Online Book Store SQL注入漏洞

PHPGurukul Online Book Store is a PHP-based online bookstore website system. A SQL injection vulnerability exists in Online Book Store v1.0. The vulnerability can be exploited to execute arbitrary code via the bookisbn parameter of adminedit.php...

UBUNTU-CVE-2020-13568

SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/editgroup.php, when the POST parameter action is “Submit”, the POST parameter parentid leads to a SQL...

UBUNTU-CVE-2020-13566

SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability In admin/editgroup.php, when the POST parameter action is “Delete”, the POST parameter deletegroup leads to a SQL...

phpGACL SQL注入漏洞

phpGACL is an open source PHP class for Web developers to provide a simple but powerful "insert" permission system . For its current Web-based applications to use . Phpgacl version 3.3.7 SQL injection vulnerability , the vulnerability stems from the program admin/edit group.php page SQL injection...

PT-2021-9640 · Phpgacl · Phpgacl

Name of the Vulnerable Software and Affected Versions: phpGACL version 3.3.7 Description: The issue allows for SQL injection through a specially crafted HTTP request. In the file admin/edit group.php, when the POST parameter action is set to “Delete”, the POST parameter delete group can lead to a...

CVE-2020-13157

modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. The old password is not needed...

DEVOME GRR Code Issue Vulnerability

DEVOME GRR is a resource management and reservation system. A code issue vulnerability exists in DEVOME GRR versions prior to 3.4.1c that stems from the admineditroom.php file failing to properly handle file uploads. A remote attacker could exploit this vulnerability to execute code...

Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-18334)

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A reflective cross-site scripting vulnerability exists in admin/edit-comment.php in Chadha PHPKB Standard Multi-Language version 9...

Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-18333)

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A reflective cross-site scripting vulnerability exists in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9. The...

Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-18324)

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A reflective cross-site scripting vulnerability exists in admin/edit-category.php in Chadha PHPKB Standard Multi-Language version 9...

Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-18325)

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A reflective cross-site scripting vulnerability exists in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9. The...

Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-18326)

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A reflective cross-site scripting vulnerability exists in admin/edit-template.php in Chadha PHPKB Standard Multi-Language version 9...

Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-18327)

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A reflective cross-site scripting vulnerability exists in admin/edit-field.php in Chadha PHPKB Standard Multi-Language 9. The...

Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-17219)

Chadha PHPKB is a knowledge base software that keeps information organized, accessible and manageable for internal teams and external clients. A reflected cross-site scripting vulnerability exists in admin/edit-user.php in Chadha PHPKB Standard Multilingual Version 9. The vulnerability stems from...

CVE-2020-10504

CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request...

CVE-2020-10493

CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a glossary term, given the id, via a crafted request...

CVE-2020-10496

CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted request...

CVE-2020-10494

CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a news article, given the id, via a crafted request...