CVE-2018-10082

CMS Made Simple CMSMS through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or...

CVE-2018-7737

In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as demonstrated by adminfooter.php or adminfooter.php. NOTE: the software maintainer disputes that this is a vulnerability...

PT-2018-18248 · Z Blogphp · Z-Blogphp

Name of the Vulnerable Software and Affected Versions: Z-BlogPHP version 1.5.1.1740 Description: There is a potential issue in Z-BlogPHP where the physical path of the web site may be leaked, as demonstrated by accessing certain files such as admin footer.php. However, it's noted that the softwar...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in admin/inc/footer.php in Maian Links 3.1 allow remote attackers to inject arbitrary web script or HTML via the 1 msgscript2 and 2 msgscript3 parameters...

CVE-2008-2213

Multiple cross-site scripting XSS vulnerabilities in admin/inc/footer.php in Maian Links 3.1 allow remote attackers to inject arbitrary web script or HTML via the 1 msgscript2 and 2 msgscript3 parameters...

CVE-2008-2212

CVE-2008-2212 affects Maian Cart 1.1 with multiple cross-site scripting (XSS) vulnerabilities. The flaws allow remote attackers to inject arbitrary script/HTML via: (1) msg_adminheader, (2) msg_adminheader2, (3) msg_adminheader3, (4) msg_adminheader4 in admin/inc/header.php; (5) msg_script3 and o...