1747 matches found
PT-2025-54399
Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through 7.40...
CVE-2025-66203 StreamVault is Vulnerable to Authenticated Remote Code Execution (RCE) via ytdlpargs Configuration Injection
StreamVault is a video download integration solution. Prior to version 251126, a Remote Code Execution RCE vulnerability exists in the stream-vault application SpiritApplication. The application allows administrators to configure yt-dlp arguments via the /admin/api/saveConfig endpoint without...
Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05127)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the administration interface, which can be exploited by an attacker to execute...
Student File Management System /delete_student.php File SQL Injection Vulnerability
Student File Management System is a student file management system. The Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter studentid in the file /admin/deletestudent.php. An...
CVE-2018-25148
Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges,...
CVE-2018-25148
CVE-2018-25148 affects Microhard Systems IPn4G 1.1.0. The admin interface contains multiple authenticated remote code execution vulnerabilities that allow an authenticated attacker to create crontab jobs and modify system startup scripts. Attackers can execute arbitrary commands with root privile...
CVE-2018-25148 Microhard Systems IPn4G 1.1.0 Remote Code Execution via Admin Interface
Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges,...
CVE-2018-25148 Microhard Systems IPn4G 1.1.0 Remote Code Execution via Admin Interface
Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges,...
CVE-2018-25133 Synaccess netBooter NP-0801DU 7.4 Cross-Site Request Forgery via Admin Interface
Synaccess netBooter NP-0801DU 7.4 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages with hidden form submissions to add admin users by tricking authenticated...
CVE-2018-25133
CVE-2018-25133 affects Synaccess netBooter NP-0801DU 7.4. The vulnerability is a cross-site request forgery via the admin interface caused by lack of proper request validation. An attacker can lure an authenticated administrator to load a malicious page and perform unauthorized admin actions, suc...
CVE-2018-25127 SOCA Access Control System 180612 Cross-Site Request Forgery via Admin Interface
SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that submit forged requests to create admin accounts by tricking logged-in users...
CVE-2018-25127 SOCA Access Control System 180612 Cross-Site Request Forgery via Admin Interface
SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that submit forged requests to create admin accounts by tricking logged-in users...
CVE-2018-25127
CVE-2018-25127 affects SOCA Access Control System 180612. The issue is a cross-site request forgery in the admin interface caused by lack of proper request validation, allowing forged requests to create admin accounts when a user visits a malicious page. Affected component: admin interface/API en...
PT-2025-53368
Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges,...
CVE-2023-53975
Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries through unvalidated parameters. Attackers can inject malicious SQL code in the 'id' parameter of the admin index page to execute time-based blind SQL injection attacks...
📄 Pi-hole 5.18.3 Remote Code Execution
This PHP script is an authenticated remote code execution exploit targeting Pi-hole's web admin interface. It requires valid administrator credentials to log in, obtains a CSRF token, and abuses the adlist management feature by injecting a crafted gopher:// URL. The payload forces the server to...
CVE-2025-14989 Campcodes Complete Online Beauty Parlor Management System search-invoices.php sql injection
A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/search-invoices.php. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit is publicly available and...
CVE-2025-66906
Cross Site Request Forgery CSRF vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges...
CVE-2023-53916
Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...
EUVD-2025-204337
A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the Localization application. Attackers can execute scripts that could affect multiple parts of the administration interface...