20 matches found
EUVD-2011-3095
Malware in sbrugna...
EUVD-2018-8572
Malware in sbrugna...
EUVD-2018-2136
Malware in sbrugna...
EUVD-2021-11906
Malware in sbrugna...
EUVD-2015-1699
Malware in sbrugna...
EUVD-2021-11979
Malware in sbrugna...
PT-2025-33845 · Flaskblog · Flaskblog
Name of the Vulnerable Software and Affected Versions: flaskBlog versions 2.8.0 and earlier Description: The application checks the userRole for "admin" privileges only when accessing the /admin page, but not its subroutes. Specifically, the check is performed in routes/adminPanel.py, but not in...
CVE-2023-5979
The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products...
CVE-2021-24937
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not escape the wpacuselectedsubtabarea parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue...
CVE-2019-14679
core/views/arpriceimportexport.php in the ARPrice Lite plugin 2.2 for WordPress allows wp-admin/admin.php?page=arpliteimportexport CSRF...
PT-2025-21365 · Emlog · Emlog
Name of the Vulnerable Software and Affected Versions: Emlog versions up to and including 2.5.9 Description: The issue occurs due to a SQL injection vulnerability in the $origContent parameter in admin/article save.php, which is not strictly filtered. This allows registered users to access...
PT-2024-31271 · WordPress · Email Encoder
Name of the Vulnerable Software and Affected Versions: The Email Encoder WordPress plugin versions prior to 2.2.2 Description: The issue is related to a Stored Cross-Site Scripting problem. It occurs because the WP Email Encoder Bundle optionsprotection text parameter is not properly escaped befo...
Chaty < 3.0.3 - Admin+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
PT-2020-12080 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS attacks. This can be exploited in admin/edit-user.php by adding a question mark ? followed...
PT-2020-12118 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS in admin/report-referrers.php. This can be achieved by adding a question mark ? followed b...
PT-2020-12094 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS attacks. This can be exploited in admin/manage-fields.php by adding a question mark ?...
CVE-2018-20612
UWA 2.3.11 allows index.php?g=admin&c=admin&a=addadmindo CSRF...
WordPress Apptha Video Gallery Plugin <= 2.5 - Multiple SQL Injection
Because of these vulnerabilities, the attackers can execute arbitrary SQL commands via the "videoId" parameter in a newvideo page to wp-admin/admin.php, "vid" parameter in a myextract action to wp-admin/admin-ajax.php or "playlistId" parameter in the newplaylist page. Solution Update the plugin...
OS Commerce 2.2r2 - Authentication Bypass
When this hole was brought to our attention, we were amazed to find that it seems nobody has caught it yet!! There is a page in the admin that can be accessed without login AND can pass parameters!! /admin/mail.php/login.php /admin/mail.php/login.php?fooled...
Fedora 10 : wordpress-mu-2.8.4a-1.fc10 (2009-8538)
Update spans MU-versions for the following security releases from upstream: http://wordpress.org/development/2009/08/2-8-4-security-release/ http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release/ - Backport of XSS fixes from WordPress 2.8.2 Backport of security fixes for...