110 matches found
Library Management System Cross-Site Scripting Vulnerability
Library Management System is a library management system with QR code attendance and automatic library card generation. Version 1.0 of Library Management System has a cross-site scripting vulnerability that originates in the file /admin/editadmindetails.php?id=. The admin's parameter Name lacks a...
PHPCMS Cross-Site Scripting Vulnerability
PHPCMS is a web content management system based on PHP and MySQL architecture. The system includes news, images, downloads, information, products and other modules. A cross-site scripting vulnerability exists in PHPCMS version V9.6.3, which stems from a lack of filtering escapes for parameters on...
CVE-2022-30399
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggersmerch/admin/?page=maintenance/managecategory&id=...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin eID Easy, which originates from an incorrect parameter in the /admin.php file that allows an attacker to inject arbitrary web scripts...
CVE-2021-39599
Multiple cross-site scripting (XSS) vulnerabilities exist in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities exist in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php...
CVE-2020-23192
CVE-2020-23192 is a stored XSS in phplist ≤ 3.5.4, exploitable by an authenticated user via a crafted payload in the admin parameter of the Manage Administrators module. The vulnerability can lead to execution of arbitrary web scripts/HTML. Public technical details are provided by multiple source...
PT-2021-10854 · Phplist · Phplist
Name of the Vulnerable Software and Affected Versions: phplist versions 3.5.4 and below. Description: A stored cross-site scripting (XSS) issue allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the admin parameter under the "Manage administrators" modul...
PhpList Cross-Site Scripting Vulnerability
phpList is an open source newsletter and email marketing software from phpList UK. A stored cross-site scripting vulnerability exists in phplist 3.5.4 and earlier versions, which can be exploited to execute arbitrary Web script or HTML via the "admin" parameter under the "Manage Administrators"...
PT-2021-16726 · Unknown · Testes De Codigo
Name of the Vulnerable Software and Affected Versions: Testes de Codigo versions 11.4 and prior. Description: The issue allows an attacker to gain access to the administrative interface and premium features by tampering with the boolean value of parameters isAdmin and isPremium located on device...
Testesdecodigogratis Testes de Codigo Security Vulnerability
Testesdecodigogratis Testes de Codigo is a mobile application from Testesdecodigogratis in Portugal that provides users with driver's license learning. A security vulnerability exists in Testes de Codigo 11.4 and prior that allows an attacker to tamper with the Boolean values of the parameters...
CVE-2019-19110
The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter...
PT-2026-5160
Name of the Vulnerable Software and Affected Versions: M/Monit version 3.7.4. Description: An authenticated user can escalate privileges by manipulating the admin parameter. An attacker can send a crafted POST request to the /api/1/admin/users/update endpoint to grant administrative access to a...
Sql injection
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=languagegeneral&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997...
CVE-2019-17418
An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=languagegeneral&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997...
Sql injection
The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin currentsliderid parameter...
CVE-2019-16996
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/productadmin.class.php via the admin/?n=product&c=productadmin&a=dopara&apptype=shop id parameter...
CVE-2017-18614
The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter...
CVE-2019-11393
An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin parameter...
M/Monit Elevation of Privilege Vulnerability
M/Monit monitors and manages distributed computer systems, performs automated maintenance and remediation, and performs meaningful causal behavior in the event of an error. An elevation of privilege vulnerability exists in /admin/users/update in versions of M/Monit prior to 3.7.3. An unprivileged...