10 matches found
MAL-2026-2718 Malicious code in @the-coca-cola-company/receipt-scanner-admin-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 046b5475599d30f293f2eeb7ab9fce35c44cd678ab2cecde2c96e588a170d822 The package @the-coca-cola-company/receipt-scanner-admin-lib was found to contain malicious code...
Malicious code in @the-coca-cola-company/receipt-scanner-admin-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 046b5475599d30f293f2eeb7ab9fce35c44cd678ab2cecde2c96e588a170d822 The package @the-coca-cola-company/receipt-scanner-admin-lib was found to contain malicious code...
PT-2025-6879 · Cmseasy · Cmseasy
Name of the Vulnerable Software and Affected Versions: CmsEasy version 7.7.7.9 Description: A vulnerability has been found in the function deleteimg_action in the library lib/admin/image_admin.php. The manipulation of the argument imgname leads to path traversal. The attack can be launched...
PT-2024-15636 · Cmseasy · Cmseasy
Name of the Vulnerable Software and Affected Versions: CmsEasy versions up to 7.7.7 Description: A critical issue was found in the function getslide_child_action in the library lib/admin/language_admin.php. The manipulation of the argument sid leads to SQL injection. The attack can be launched...
CVE-2023-6042
Any unauthenticated user may send e-mail from the site with any title or content to the admin...
CVE-2023-2420
A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function geturl in the library /upload/inc/lib/admin of the file upload\inc\include\common.func.php. The manipulation of the argument $_SERVER['REQUEST_URI'] leads to SQL injection. The attack may be...
CVE-2022-28420
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via BabyCare/admin.php?id=theme&setid=...
CVE-2022-26630
Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \app.\admin\Controllers\db.php...
PopojiCMS Directory Traversal Vulnerability
PopojiCMS is an open source content management system (CMS) based on the Popoji framework. A directory traversal vulnerability exists in the adminlibrary.php file in PopojiCMS v2.0.1. A remote attacker can exploit this vulnerability to delete arbitrary files with the help of specially crafted...
SQL injection
SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the username parameter to admin/library/authenticate.php and (2) the download parameter to downloadmp3.php. NOTE: some of these details are obtained from thir...