CVE-2019-11393
An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin parameter...
CVE-2018-18018
SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Galleryid or Gallerytitle parameter...
CVE-2019-9661
Stored XSS exists in YzmCMS 5.2 via the admin/systemmanage/userconfigedit.html "value" parameter,...
CVE-2018-20478
An issue was discovered in S-CMS 1.0. It allows reading certain files, such as PHP source code, via the admin/download.php DownName parameter with a mixed-case extension, as demonstrated by a DownName=download.Php value...
CVE-2018-19506
Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI...
MetInfo Cross-Site Scripting Vulnerability (CNVD-2019-09131)
MetInfo is a content management system (CMS) developed using PHP and MySQL. A cross-site scripting vulnerability exists in MetInfo 6.1.2, which can be exploited by an attacker via the /admin/index.php bigclass parameter in the n=column&a=doadd operation...
CVE-2018-12110
portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php preview parameter...
CVE-2018-5671
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php extrafield1itemsfielditem1pricepercent parameter...
CVE-2018-5664
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php socialicon1 parameter...
CVE-2018-5665
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php logoheight parameter...
CVE-2018-5657
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php countertitleicon parameter...
CVE-2017-17909
PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter...
CVE-2017-17929
PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter...
CVE-2017-15978
AROX School ERP PHP Script 1.0 allows SQL Injection via the officeadmin/ id parameter...
WordPress WP-Testimonials Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports setting up personal blog sites on PHP and MySQL servers. The WP-Testimonials plugin is one of the plugins that can be used to add 'testimonials' to the sidebar or any page/post...
Mura CMS Cross-Site Scripting Vulnerability
Mura CMS is the content management system that makes it easier and faster to build and update websites. A cross-site scripting vulnerability exists in Mura CMS version 7.0.6967, which can be exploited by remote attackers to inject arbitrary web script or HTML using the admin/?muraAction parameter...
Privilege Escalation
devisesecurityextension is vulnerable to privilege escalation. The library accepts changes to the user parameters when a user is updating their expired password, so a malicious user can pass the parameter admin=true to escalate themselves to admin-level privilege...
Zyxel ZLD operating system vulnerability that allows a malicious individual to trigger a service failure
The Web interface of the Zyxel ZyWALL USG 300 network switch/router contains a vulnerability related to authentication on the client side. This allows a malicious individual to obtain device administrator privileges by manipulating the “IsAdmin” parameter...
NETonE PHPBook 1.4.6 Guestbook.PHP Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14390/info NETonE PHPBook is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input to the 'admin' parameter of the 'guestbook.php' script. A successful exploi...
Tagit! Tagit2b 2.1.B Build 2 tagmin/readconf.php admin Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/22518/info TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application...