Lucene search
K

11 matches found

Github Security Blog
Github Security Blog
added 2026/05/05 8:32 p.m.12 views

YAFNET: Pre-Handler Authorization Bypass on Admin Pages Enables Blind SQL Execution via `/Admin/RunSql`

Issue Details: YAFNET's only admin authorization gate is PageSecurityCheckAttribute, implemented as a ResultFilterAttribute that runs after the page handler completes rather than before it. No other gate exists. Any admin OnPost… handler therefore executes its side effects before the filter...

8.8CVSS6.2AI score0.00488EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/08/19 7:15 p.m.7 views

CVE-2025-55734

flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, the code checks if the userRole is "admin" only when visiting the /admin page, but not when visiting its subroutes. Specifically, only the file routes/adminPanel.py checks the user role when a user is trying to access the admin page,...

6.9CVSS0.00341EPSS
Exploits1References2
OSV
OSV
added 2019/07/25 5:15 p.m.4 views

CVE-2019-9884

eClass platform ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page...

9.8CVSS5.8AI score0.0296EPSS
Exploits1References3
0day.today
0day.today
added 2016/10/03 12:0 a.m.51 views

Imrokraft Solutions CMS Admin Page ByPass Vulnerability

Exploit for php platform in category web applications Exploit Title : Imrokraft Solutions CMS Admin Page ByPass Exploit Author : xBADGIRL21 Dork : intext:"Designed by Imrokraft Solutions" or intext:"Powered By : Imrokraft Solutions" Vendor : http://www.imrokraft.com/ Tested on: Windows...

7.1AI score
Exploits0
0day.today
0day.today
added 2016/10/03 12:0 a.m.20 views

The Realm / Dashgum Software CMS Admin Page ByPass Vulnerability

Exploit for php platform in category web applications Exploit Title : The Realm / Dashgum Software CMS Admin Page ByPass Exploit Author : xBADGIRL21 version The Realm : 1.0.1 version Dashgum : v2 Vendor : http://www.bluthemes.com/item/realm - http://gridgum.com/themes/dashgum-bootstrap-dashboard/...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2016/02/09 12:0 a.m.28 views

SMEweb 1.5f Cross Site Scripting / SQL Injection

Exploit Title : SMEweb 1.5f Multiple Vulnerability Exploit Author : Persian Hack Team Vendor Homepage : http://www.ebizzi.net/ Google Dork : "Powered by SMEweb" Date: 2016/02/07 Version: 1.5f PoC: 1-Admin Page Bypass Username : '=''or' Password : '=''or' Demo :...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2012/12/02 12:0 a.m.25 views

SuperCheapCallSltd SQL Injection

| \ | / /| | | / || \ | D | \ | || o || | | / | |\ || / || || | | | \ | |/ \ || | || || | | | . \ | |\ || | || | || | | ||||||||||||||| Exploit name: SuperCheapCallSltd admin page bypass Google dork: Make one by yourself ! Exploit author: Risman Tested on: Linux Security Risk : High Category:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2012/12/02 12:0 a.m.23 views

A1 Creation SQL Injection

| \ | / /| | | / || \ | D | \ | || o || | | / | |\ || / || || | | | \ | |/ \ || | || || | | | . \ | |\ || | || | || | | ||||||||||||||| Exploit name: A1 Creation admin page bypass Google dork: Make one by yourself ! Exploit author: Risman Tested on: Linux Security Risk : Category: Web...

Exploits0
Packet Storm
Packet Storm
added 2012/12/02 12:0 a.m.30 views

Apex Software House SQL Injection

| \ | / /| | | / || \ | D | \ | || o || | | / | |\ || / || || | | | \ | |/ \ || | || || | | | . \ | |\ || | || | || | | ||||||||||||||| Exploit name: Apex Software House admin page bypass Google dork: Make one by yourself ! Exploit author: Risman Tested on: Linux Security Risk : High Category:...

Exploits0
Packet Storm
Packet Storm
added 2011/10/02 12:0 a.m.21 views

The Formula Group SQL Injection

============================================ Exploit Title : The Formula Group Auth bypass Google Dork : intext:"WEB DESIGN BY THE FORMULA" Date : 2011-2-10 Author : nGa Sa Lu GaNgst3r Service Link : http://www.theformula.co.za/index.phptheform Tested on : Vista Platform : asp...

0.6AI score
Exploits0
0day.today
0day.today
added 2011/06/13 12:0 a.m.32 views

CyberScribe SQL-I & (admin) Auth ByPass Vulnerability

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

7.1AI score
Exploits0
Rows per page
Query Builder