CVE · added 2022/06/01 5:25 p.m. · 524 views

CVE-2022-31000

The CVE concerns solidus_backend, the admin interface of the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 are affected by a cross-site request forgery (CSRF) that lets an attacker change the state of an order’s adjustments if they know the order number, with the actio...

CVSS 4.3 · AI score 4.3 · EPSS 0.00367
Exploits 1 · References 2 · Affected Software 1
CNNVD · added 2022/06/01 12:00 a.m. · 2 views

Solidus Cross-Site Request Forgery Vulnerability

Solidus is an open source e-commerce system. solidus_backend is the administrative interface of the Solidus e-commerce framework. solidus_backend is vulnerable to cross-site request forgery, which can be exploited by attackers to change the status of order adjustments while holding an order number,...

CVSS 4.3 · AI score 5.5 · EPSS 0.00367
Exploits 1 · References 4
OSV · added 2022/05/26 2:15 p.m. · 2 views

CVE-2022-29676

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan...

CVSS 7.2 · AI score 7.1 · EPSS 0.00896
Exploits 1 · References 1
NVD · added 2022/05/19 3:15 p.m. · 10 views

CVE-2021-37413

GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login...

CVSS 9.8 · EPSS 0.01813
Exploits 2 · References 2
ATTACKERKB · added 2022/05/17 4:15 p.m. · 2 views

CVE-2022-30073

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/users/save.php...

CVSS 5.4 · AI score 6.1 · EPSS 0.0154
Exploits 1 · References 4
Github Security Blog · added 2022/05/17 4:31 a.m. · 39 views

Plone Code Injection vulnerability

registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface...

CVSS 6.8 · AI score 6.8 · EPSS 0.02066
Exploits 0 · References 11 · Affected Software 1
OSV · added 2022/05/17 4:31 a.m. · 21 views

GHSA-7HXC-MWX7-5HMC Plone Code Injection vulnerability

registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface...

CVSS 8.6 · AI score 6.7 · EPSS 0.02066
Exploits 0 · References 11
OSV · added 2022/05/17 3:58 a.m. · 1 view

GHSA-V6GF-X8FP-532V Improper Neutralization of Input During Web Page Generation in Apache Solr

Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI...

CVSS 6.1 · AI score 6 · EPSS 0.03313
Exploits 0 · References 3
OSV · added 2022/05/14 2:09 a.m. · 6 views

GHSA-RW75-M7GP-92M3 Django data leakage via querystring manipulation in admin

The administrative interface contrib.admin in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field...

CVSS 5.3 · AI score 5.4 · EPSS 0.01984
Exploits 1 · References 13
OSV · added 2022/05/13 3:15 p.m. · 2 views

CVE-2022-30414

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=applications/viewapplication&id=...

CVSS 7.2 · AI score 5.8 · EPSS 0.00909
Exploits 1 · References 1
OSV · added 2022/05/13 1:15 p.m. · 1 view

CVE-2022-30371

Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargotypes/viewcargotype.php?id=...

CVSS 7.2 · AI score 5.8
Exploits 0 · References 1
ATTACKERKB · added 2022/05/12 3:15 p.m. · 1 view

CVE-2022-29748

Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manageclient&id=...

CVSS 9.8 · AI score 7.3 · EPSS 0.01568
Exploits 1 · References 2
wpexploit · added 2022/05/09 12:00 a.m. · 129 views

Logo Slider <= 1.4.8 - Admin+ SQLi

The plugin does not sanitise and escape the lspsliderid parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection https://example.com/wp-admin/admin.php?page=manageimages&lspsliderid=1+AND+SELECT+7741+FROM+SELECTSLEEP5hlAf...

CVSS 4 · AI score 1.8 · EPSS 0.00764
Exploits 2 · References 1
NVD · added 2022/05/06 2:15 p.m. · 14 views

CVE-2020-19212

SQL Injection vulnerability in admin/grouplist.php in piwigo v2.9.5, via the group parameter to delete...

CVSS 4.9 · EPSS 0.00804
Exploits 1 · References 1
OSV · added 2022/05/05 2:48 a.m. · 21 views

GHSA-R7W6-P47G-VJ53 Django Data leakage via admin history log

The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information...

CVSS 5.3 · AI score 5.7 · EPSS 0.01805
Exploits 1 · References 9
Positive Technologies · added 2022/04/29 12:00 a.m. · 3 views

PT-2022-19905 · Mediawiki +1 · Mediawiki Quiz Extension +1

Name of the Vulnerable Software and Affected Versions: MediaWiki QuizGame extension versions through 1.37.2 Description: The admin API module in the QuizGame extension for MediaWiki omits a check for the quizadmin user. Recommendations: For MediaWiki QuizGame extension versions through 1.37.2,...

CVSS 9.8 · AI score 6 · EPSS 0.22699
Exploits 27 · References 103
ATTACKERKB · added 2022/04/27 4:15 p.m. · 0 views

CVE-2022-27336

Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php...

CVSS 9.8 · AI score 6.5 · EPSS 0.19993
Exploits 1 · References 2
Cvelist · added 2022/04/26 8:29 p.m. · 24 views

CVE-2022-28523

HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete...

AI score 8.3 · EPSS 0.01029
Exploits 1 · References 1
OSV · added 2022/04/21 8:15 p.m. · 3 views

CVE-2022-28435

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php&action=displaygoal&value=1&roleid=1...

CVSS 9.8 · AI score 5.8 · EPSS 0.01185
Exploits 1 · References 1
NVD · added 2022/04/15 7:15 p.m. · 23 views

CVE-2022-24851

LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality; the parameters on this page are not properly sanitized, which leads to stored XSS attacks. An authenticated user can store XSS...

CVSS 8.1 · EPSS 0.01055
Exploits 1 · References 4