
1711 matches found

EUVD
added 2025/12/31 4:32 p.m., 3 views

EUVD-2025-205975

Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Custom Admin Interface: from n/a through 7.40...

CVSS 4.3, AI score 6.5, EPSS 0.0001
Exploits 0, References 2
CVE
added 2025/12/31 4:32 p.m., 4 views

CVE-2025-63038

Technical details for CVE-2025-63038 are not provided in the supplied documents; no affected versions, impact, or remediation are disclosed here. Monitor for updates from NVD/patch sources.

CVSS 4.3, AI score 5.9, EPSS 0.0001
Exploits 0, References 1
Patchstack
added 2025/12/31 4:21 p.m., 3 views

WordPress WP Custom Admin Interface plugin <= 7.40 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin WP Custom Admin Interface versions <= 7.40...

CVSS 4.3, AI score 6.8, EPSS 0.0001
Exploits 0, Affected Software 1
CNNVD
added 2025/12/31 12:00 a.m., 2 views

WordPress plugin WP Custom Admin Interface security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 4.3, AI score 6.6, EPSS 0.0001
Exploits 0, References 1
Positive Technologies
added 2025/12/31 12:00 a.m., 3 views

PT-2025-54399

Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Custom Admin Interface: from n/a through 7.40...

CVSS 4.3, AI score 7, EPSS 0.0001
Exploits 0, References 2
Cvelist
added 2025/12/26 11:37 p.m., 18 views

CVE-2025-66203 StreamVault is Vulnerable to Authenticated Remote Code Execution (RCE) via ytdlpargs Configuration Injection

StreamVault is a video download integration solution. Prior to version 251126, a Remote Code Execution (RCE) vulnerability exists in the stream-vault application SpiritApplication. The application allows administrators to configure yt-dlp arguments via the /admin/api/saveConfig endpoint without...

CVSS 9.9, EPSS 0.00643
Exploits 1, References 2
CNVD
added 2025/12/25 12:00 a.m., 2 views

Student File Management System /delete_student.php File SQL Injection Vulnerability

Student File Management System is a student file management system. The Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter studentid in the file /admin/deletestudent.php. An...

CVSS 9.8, AI score 7.9, EPSS 0.0004
Exploits 1, References 1
CNVD
added 2025/12/25 12:00 a.m., 2 views

Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05127)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the administration interface, which can be exploited by an attacker to execute...

CVSS 5.4, AI score 6, EPSS 0.00027
Exploits 0, References 1
OSV
added 2025/12/24 8:15 p.m., 1 view

CVE-2018-25148

Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges,...

CVSS 8.7, AI score 6.5, EPSS 0.00332
Exploits 2, References 3
Cvelist
added 2025/12/24 7:27 p.m., 23 views

CVE-2018-25148 Microhard Systems IPn4G 1.1.0 Remote Code Execution via Admin Interface

Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges,...

CVSS 8.8, EPSS 0.00332
Exploits 2, References 3
CVE
added 2025/12/24 7:27 p.m., 9 views

CVE-2018-25148

CVE-2018-25148 affects Microhard Systems IPn4G 1.1.0. The admin interface contains multiple authenticated remote code execution vulnerabilities that allow an authenticated attacker to create crontab jobs and modify system startup scripts. Attackers can execute arbitrary commands with root privile...

CVSS 8.8, AI score 8.4, EPSS 0.00332
Exploits 2, References 3, Affected Software 1
Vulnrichment
added 2025/12/24 7:27 p.m., 1 view

CVE-2018-25148 Microhard Systems IPn4G 1.1.0 Remote Code Execution via Admin Interface

Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges,...

CVSS 8.8, AI score 8.4, EPSS 0.00332
Exploits 2, References 3
Vulnrichment
added 2025/12/24 7:27 p.m., 5 views

CVE-2018-25133 Synaccess netBooter NP-0801DU 7.4 Cross-Site Request Forgery via Admin Interface

Synaccess netBooter NP-0801DU 7.4 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages with hidden form submissions to add admin users by tricking authenticated...

CVSS 5.1, AI score 6.3, EPSS 0.00018
Exploits 1, References 3
CVE
added 2025/12/24 7:27 p.m., 5 views

CVE-2018-25133

CVE-2018-25133 affects Synaccess netBooter NP-0801DU 7.4. The vulnerability is a cross-site request forgery via the admin interface caused by lack of proper request validation. An attacker can lure an authenticated administrator to load a malicious page and perform unauthorized admin actions, suc...

CVSS 5.1, AI score 6.3, EPSS 0.00018
Exploits 1, References 3
Vulnrichment
added 2025/12/24 7:27 p.m., 1 view

CVE-2018-25127 SOCA Access Control System 180612 Cross-Site Request Forgery via Admin Interface

SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that submit forged requests to create admin accounts by tricking logged-in users...

CVSS 5.3, AI score 6.4, EPSS 0.00018
Exploits 1, References 3
CVE
added 2025/12/24 7:27 p.m., 3 views

CVE-2018-25127

CVE-2018-25127 affects SOCA Access Control System 180612. The issue is a cross-site request forgery in the admin interface caused by lack of proper request validation, allowing forged requests to create admin accounts when a user visits a malicious page. Affected component: admin interface/API en...

CVSS 5.3, AI score 6.4, EPSS 0.00018
Exploits 1, References 3
Cvelist
added 2025/12/24 7:27 p.m., 25 views

CVE-2018-25127 SOCA Access Control System 180612 Cross-Site Request Forgery via Admin Interface

SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that submit forged requests to create admin accounts by tricking logged-in users...

CVSS 5.3, EPSS 0.00018
Exploits 1, References 3
Positive Technologies
added 2025/12/24 12:00 a.m., 3 views

PT-2025-53368

Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges,...

CVSS 8.8, AI score 8.8, EPSS 0.00332
Exploits 2, References 4
RedhatCVE
added 2025/12/23 11:29 p.m., 4 views

CVE-2023-53975

Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries through unvalidated parameters. Attackers can inject malicious SQL code in the 'id' parameter of the admin index page to execute time-based blind SQL injection attacks...

CVSS 9.3, AI score 8.5, EPSS 0.00088
Exploits 1, References 1
Packet Storm
added 2025/12/22 12:00 a.m., 137 views

Pi-hole 5.18.3 Remote Code Execution

This PHP script is an authenticated remote code execution exploit targeting Pi-hole's web admin interface. It requires valid administrator credentials to log in, obtains a CSRF token, and abuses the adlist management feature by injecting a crafted gopher:// URL. The payload forces the server to...

CVSS 8.8, AI score 7.9, EPSS 0.58179
Exploits 4