CVE-2019-10687

KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entryid0 parameter, the admin/index.php?module=log id parameter, or an index.php?View=print= request...

CVE-2019-20139

In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin user...

CVE-2019-17577

An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails fields 'Errors-To' in emails sent" field...

CVE-2019-9551

An issue was discovered in DOYO aka doyocms 2.3 through 2015-05-06. It has admin.php XSS...

CVE-2019-17578

An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Sender email for automatic emails default value in php.ini: Undefined" field...

CVE-2018-5074

Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter...

CVE-2018-19461

admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php...

CVE-2018-5076

Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter...

CVE-2018-10031

CMS Made Simple aka CMSMS 2.2.7 has CSRF in admin/moduleinterface.php...

CVE-2018-15198

An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user...

CVE-2018-17560

The admin interface of the Grouptime Teamwire Client 1.5.1 prior to 1.9.0 on-premises messenger server allows stored XSS. All backend versions prior to prod-2018-11-13-15-00-42 are affected...

CVE-2005-4856

The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with 1...

Credit Card Application Management System SQL Injection Vulnerability

Credit Card Application Management System is a credit card application management system. Credit Card Application Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Username in the file...

CVE-2025-48417

The certificate and private key used for providing transport layer security for connections to the web interface TCP port 443 is hard-coded in the firmware and are shipped with the update files. An attacker can use the private key to perform man-in-the-middle attacks against users of the admin...

PT-2025-22346 · Echarge Hardy Barth · Cph2 / Cpp2 Charging Stations

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns hard-coded TLS certificates and private keys in the firmware for the web interface, specifically on TCP port 443. An attacker can exploit this by using the private key to...

CVE-2025-47938 TYPO3 Vulnerable to Unverified Password Change for Backend Users

TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, the backend user management interface allows password changes without requiring the current password. When an...

PT-2025-22140 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions 9.0.0 through 9.5.50 ELTS TYPO3 versions 10.0.0 through 10.4.49 ELTS TYPO3 versions 11.0.0 through 11.5.43 ELTS TYPO3 versions 12.0.0 through 12.4.30 LTS TYPO3 versions 13.0.0 through 13.4.11 LTS Description: The backend user...

CVE-2025-4554

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/bwdates-passreports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiat...

Baidu BRCC 安全漏洞

Baidu BRCC Baidu Better Remote Config Center is a distributed configuration center of China's Baidu Baidu, which is used to unify the management of configuration information of application services, to avoid all kinds of resources scattered in various projects, and to simplify the maintenance cos...

Car Rental Project 1.0 - Remote Code Execution

Exploit Title: Car Rental Project 1.0 - Remote Code Execution Date: 1/3/2020 Exploit Author: FULLSHADE, SC Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/car-rental-project-php-mysql-free-download/ Version: 1.0 Tested on: Windows CVE : CVE-2020-5509...