18 matches found
CVE-2019-7934
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with...
EUVD-2018-2049
Malware in sbrugna...
EUVD-2018-11251
Malware in sbrugna...
EUVD-2019-8568
Malware in sbrugna...
EUVD-2021-29986
Malicious code in bioql PyPI...
EUVD-2022-4832
Malicious code in bioql PyPI...
EUVD-2025-3994
Malicious code in bioql PyPI...
CVE-2025-52921
In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the admin panel to achieve code execution on the server, by uploading a crafted file and then renaming it to have a .php extension by using the Rename Function. This bypasses the initial check that...
CVE-2025-48926
CVE-2025-48926 affects the TeleMessage service admin panel (through 2025-05-05). The vulnerability enables an attacker to enumerate sensitive user data including usernames, email addresses, passwords, and telephone numbers via the administrative interface, constituting a high confidentiality impa...
CVE-2024-34349
Sylius is an open source eCommerce platform. Prior to 1.12.16 and 1.13.1, there is a possibility to execute JavaScript code in the Admin panel. In order to perform an XSS attack, input a script into the Name field of any of these resources: Taxons, Products, Product Options or Product Variants. The co...
Page Restriction WordPress < 1.2.7 - Admin+ Stored Cross-Site Scripting
The plugin allows bad actors with administrator privileges to access the settings page and inject JavaScript code into its settings, leading to stored Cross-Site Scripting that will only affect administrator users. In the Page/Post Access tab, use the XSS payload "alert'XSS'" in any of the pages available. XSS wi...
WordPress Ajax Search Pro Untrusted Data Deserialization Vulnerability
WordPress Ajax Search Pro is a search engine for WordPress. An untrusted data deserialization vulnerability exists in the import database feature of the admin panel of WordPress Ajax Search Pro versions prior to 4.20.8, which can be exploited by an attacker to achieve remote code execution...
PrestaShop CSV Injection Vulnerability
PrestaShop is a full-featured, cross-platform, free and open source e-commerce solution designed for web 2.0. A CSV injection vulnerability exists in PrestaShop versions prior to 1.7.2. An attacker can exploit this vulnerability by using the store search keyword in the admin panel to conduct a CS...
CVE-2018-5291
CVE-2018-5291 affects WordPress GD Rating System plugin v2.3. The vulnerability is a directory traversal flaw in the wp-admin/admin.php panel on the gd-rating-system-tools page, allowing potential reads of arbitrary files (as indicated by CNVD/NVD entries). NVD lists CVSS v3 base score 7.5 (HIGH)...
程氏舞曲CMS stored XSS that can reach administrators
Brief description: .... Detailed description: It is that IP-retrieval function again; since the IP can be forged, JS can certainly be injected. function GetIP() { if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown")) $ip = getenv("HTTP_CLIENT_IP"); else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown")) $ip = getenv("HTTP_X_FORWARDED_FOR"); else if...
lifetype 1.2.11 CSRF Add User
Exploit for PHP platform in category web applications. Exploit Title := lifetype 1.2.11 CSRF Add User Date := 05/april/2012 Author := khaled-Ham Software link :...
InterForum v.1.0.0 BETA 1 many holes
InterForum v.1.0.0 BETA 1 many holes Founder : MaskNBTA -- [email protected] Date : 6/18/2003 Version : 1.0 Beta 1 (maybe all versions below) Problems : + XSS bug + Read another account's private messages + Change another account's profile ---- access admin panel 1/ XSS bug : In...
MyGuestBK - Unauthorized Admin Panel Access
source: https://www.securityfocus.com/bid/7213/info MyGuestBK has been reported vulnerable to unauthorized Admin Panel Access. It has been reported that an attacker may access arbitrary MyGuestBK administrative functions through the MyGuestBK administration panel without prior authorization...