110 matches found
CVE-2018-5668
An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnuusernamevalidationtitle parameter...
CVE-2025-3338
A vulnerability classified as critical has been found in codeprojects Online Restaurant Management System 1.0. Affected is an unknown function of the file /admin/usersave.php. The manipulation of the argument Name leads to SQL injection. It is possible to launch the attack remotely. The exploit h...
CVE-2025-26006
Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setAutorest...
CVE-2025-26002
Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setSyncTimeHost...
CVE-2025-26011
Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setUsernamePassword...
CVE-2025-26005
CVE-2025-26005 affects the Telesquare TLR-2005KSH, version 1.1.4. The vulnerability is an unauthorized stack overflow triggered by an admin.cgi request with setNtp, leading to high impact on confidentiality, integrity, and availability (CVSS 3.1 base score 9.8). The connected sources provide cons...
CVE-2025-26005
Telesquare TLR-2005KSH 1.1.4 is vulnerable to an unauthorized stack overflow when requesting the admin.cgi parameter with setNtp...
CVE-2025-26003
Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest...
CVE-2025-26004
CVE-2025-26004 affects Telesquare TLR-2005KSH firmware 1.1.4. The vulnerability is an unauthorized stack buffer overflow triggered by the admin.cgi parameter setDdns, exposing potential remote impact with high/critical severity per CVSS metrics. No exploit specifics or affected vendor list beyond...
FeehiCMS Code Issue Vulnerability
FeehiCMS is a PHP-based CMS website builder by the individual developer Liufee. A code issue vulnerability exists in FeehiCMS version 2.1.1 and prior versions, which originates from an unverified file upload vulnerability in the FriendlyLinkimage parameter of the /admin/index.php?r=friendly-link%2Fupda...
CVE-2024-33962 SQL injection in Janobe products
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in...
Employee Task Management System Security Vulnerability
Employee Task Management System is an employee task management system by the individual developer Carlo Montero. A security vulnerability exists in Employee Task Management System version 1.0, which stems from an authorization bypass due to misuse of the parameter adminid...
BIT-PHPLIST-2020-23192
A stored cross-site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module...
SQL injection
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setsickleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database...
phpMyFAQ Cross-Site Scripting Vulnerability
phpMyFAQ is a multi-language, fully database-driven FAQ system. A cross-site scripting vulnerability exists in versions prior to phpMyFAQ 3.2.2, which stems from the lack of effective filtering and escaping of user-supplied data in the action parameter of admin/index.php?action=, and can be...
CVE-2023-24674
Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the role:admin parameter...
Bludit CMS Security Vulnerability
Bludit is an open-source, lightweight blog content management system (CMS). A security vulnerability exists in Bludit CMS version v.4.0.0, which stems from a vulnerability that allows a local attacker to escalate privileges via the role:admin parameter...
CVE-2023-2698
A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=items/manageitem of the component GET Parameter Handler. The manipulation of the argument id leads to sql...