
30 matches found

Cvelist
added 2026/04/29 7:24 p.m. · 25 views

CVE-2018-25316 Tenda W308R v2 V5.07.48 Cookie Session Weakness DNS Change

Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the goform/AdvSetDns endpoint with a crafted admin language cookie to change DNS...

CVSS 9.8 · EPSS 0.00176
Exploits: 1 · References: 2
Positive Technologies
added 2026/04/29 12:00 a.m. · 0 views

PT-2026-35999

Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the goform/AdvSetDns endpoint with a crafted admin language cookie to change DNS...

CVSS 9.8 · AI score 5.2 · EPSS 0.00176
Exploits: 1 · References: 3
CNNVD
added 2026/04/29 12:00 a.m. · 2 views

Tenda W308R Security Vulnerability

The Tenda W308R is a home wireless router from the Chinese company Tenda. It supports wireless network connections and routing management functions. The Tenda W308R v2 V5.07.48 version has a security vulnerability. This vulnerability stems from a Cookie session weakness, which allows unauthorized...

CVSS 9.8 · AI score 5.8 · EPSS 0.00176
Exploits: 1 · References: 1
OSV
added 2026/03/02 3:18 p.m. · 2 views

CVE-2025-50197 Chamilo: OS Command Injection in /main/admin/sub_language_ajax.inc.php via POST new_language parameter

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. This issue has been patched in version 1.11.30...

CVSS 7.1 · AI score 5.9 · EPSS 0.00745
Exploits: 1 · References: 5
CNNVD
added 2026/03/02 12:00 a.m. · 2 views

Chamilo OS Command Injection Vulnerability

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 contained a vulnerability related to operating system command injection. This vulnerability stemmed from improper handling of the POST parameter “new_language” in the file...

CVSS 7.2 · AI score 5.8 · EPSS 0.00745
Exploits: 1 · References: 3
EUVD
added 2025/12/17 9:30 p.m. · 0 views

EUVD-2025-203932

A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the admin_language_file and default_page_language_file in the admin.php component...

AI score 6.1 · EPSS 0.00088
Exploits: 1 · References: 5
OSV
added 2025/12/17 7:16 p.m. · 1 view

CVE-2025-67174

A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the admin_language_file and default_page_language_file in the admin.php component...

CVSS 7.5 · AI score 6.5 · EPSS 0.00088
Exploits: 1 · References: 4
Vulnrichment
added 2025/12/17 12:00 a.m. · 1 view

CVE-2025-67174

A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the admin_language_file and default_page_language_file in the admin.php component...

AI score 6.2 · EPSS 0.00088
Exploits: 1 · References: 4
Cvelist
added 2025/12/17 12:00 a.m. · 17 views

CVE-2025-67174

A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the admin_language_file and default_page_language_file in the admin.php component...

EPSS 0.00088
Exploits: 1 · References: 4
Positive Technologies
added 2025/12/17 12:00 a.m. · 2 views

PT-2025-51865

A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the admin language file and default page language file in the admin.php component...

AI score 6.6 · EPSS 0.00088
Exploits: 1 · References: 5
CVE
added 2025/12/17 12:00 a.m. · 5 views

CVE-2025-67174

RiteCMS v3.1.0 contains a local file inclusion (LFI) vulnerability in the admin.php component, exploitable via directory traversal in admin_language_file and default_page_language_file. The issue allows an attacker to read arbitrary files on the host. Multiple connected sources (CNVD-2026-05343, ...

CVSS 7.5 · AI score 6.2 · EPSS 0.00088
Exploits: 1 · References: 4 · Affected Software: 1
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2025-27650

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 6.5 · EPSS 0.00021
Exploits: 0 · References: 4
RedhatCVE
added 2025/09/13 7:25 a.m. · 4 views

CVE-2025-9623

The Admin in English with Switch plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the enable_eng function. This makes it possible for unauthenticated attackers to modify administrator...

CVSS 4.3 · AI score 5.2 · EPSS 0.00021
Exploits: 0 · References: 1
NVD
added 2025/09/11 8:15 a.m. · 9 views

CVE-2025-9623

The Admin in English with Switch plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the enable_eng function. This makes it possible for unauthenticated attackers to modify administrator...

CVSS 4.3 · EPSS 0.00021
Exploits: 0 · References: 3
CVE
added 2025/09/11 7:24 a.m. · 11 views

CVE-2025-9623

CVE-2025-9623 affects the WordPress plugin Admin in English with Switch. The vulnerability is a Cross-Site Request Forgery (CSRF) in all versions up to and including 1.1, caused by missing or incorrect nonce validation on the enable_eng function. This allows unauthenticated attackers to modify a...

CVSS 4.3 · AI score 4.8 · EPSS 0.00021
Exploits: 0 · References: 3
Cvelist
added 2025/09/11 7:24 a.m. · 6 views

CVE-2025-9623 Admin in English with Switch <= 1.1 - Cross-Site Request Forgery

The Admin in English with Switch plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the enable_eng function. This makes it possible for unauthenticated attackers to modify administrator...

CVSS 4.3 · EPSS 0.00021
Exploits: 0 · References: 3
Vulnrichment
added 2025/09/11 7:24 a.m. · 2 views

CVE-2025-9623 Admin in English with Switch <= 1.1 - Cross-Site Request Forgery

The Admin in English with Switch plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the enable_eng function. This makes it possible for unauthenticated attackers to modify administrator...

CVSS 4.3 · AI score 4.8 · EPSS 0.00021
Exploits: 0 · References: 3
OSV
added 2023/10/27 4:15 a.m. · 0 views

CVE-2023-46818

An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled...

CVSS 7.2 · AI score 5.8
Exploits: 0 · References: 3
CNNVD
added 2023/10/27 12:00 a.m. · 1 view

ISPConfig Security Vulnerability

ISPConfig is a Linux-based open source hosting control panel that lets you manage multiple servers, set up websites, monitor server status, etc. through a web interface. A security vulnerability exists in ISPConfig versions prior to 3.2.11p1, which stems from the fact that ...

CVSS 7.2 · AI score 7.3 · EPSS 0.90534
Exploits: 14 · References: 2
Positive Technologies
added 2023/06/15 12:00 a.m. · 4 views

PT-2023-25046 · Cmseasy · Cmseasy

Name of the Vulnerable Software and Affected Versions: cmseasy version 7.7.7.7
Description: A path traversal issue was discovered, allowing attackers to execute arbitrary code and perform local file inclusion via the add action method at lib/admin/language admin.php.
Recommendations: For version...

CVSS 9.8 · AI score 9.5 · EPSS 0.00192
Exploits: 1 · References: 2