403 matches found
CVE-2023-48965
An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to obtain a shell by providing a crafted URL to download a malicious PHP file...
PT-2023-32427 · Campcodes · Campcodes Simple Student Information System
Name of the Vulnerable Software and Affected Versions: Campcodes Simple Student Information System version 1.0 Description: A critical issue was found in the system, affecting an unknown part of the file /admin/students/manage academic.php. The manipulation of the id argument leads to SQL...
PT-2023-32428 · Unknown · Campcodes Simple Student Information System
Name of the Vulnerable Software and Affected Versions: Campcodes Simple Student Information System version 1.0 Description: A vulnerability was found in the system, affecting unknown code of the file /admin/students/manage academic.php. The manipulation of the student id argument leads to...
Netentsec NS-ASG Application Security Gateway SQL Injection Vulnerability
Netcon NS-ASG is an application security gateway from China Netcon Technology Netcon. A security vulnerability exists in Netentsec NS-ASG Application Security Gateway version 6.3, which originates from the presence of an unknown section in the file /admin/listaddrfwresourceip.php, which leads to...
CVE-2023-43857
Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex...
CVE-2023-3882
A vulnerability, which was classified as critical, has been found in Campcodes Beauty Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit-accepted-appointment.php. The manipulation of the argument contactno leads to SQL injection. The attack m...
Campcodes Beauty Salon Management System Cross-Site Scripting Vulnerability
Campcodes Beauty Salon Management System is a beauty salon management system from Campcodes, Inc. A cross-site scripting vulnerability exists in Campcodes Beauty Salon Management System version 1.0, which stems from unknown processing in /admin/edit-accepted-appointment.php, which leads to...
CVE-2023-37746
A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter of the /admin/contactus.php component...
AppleZeed CMS 2.0 SQL Injection
Title: AppleZeed CMS v2.0 Auth by pass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 71.032-bit |...
CVE-2023-3239
A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file admin/readDeal.php?mudi=readQrCode. The manipulation of the argument img leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be...
Campcodes Retro Cellphone Online Store SQL Injection Vulnerability
Campcodes Retro Cellphone Online Store is a retro cellphone online store by Campcodes. A SQL injection vulnerability exists in Campcodes Retro Cellphone Online Store version 1.0, which originates from an unknown function in /admin/modaladdproduct.php, which leads to a SQL injection via the...
Online Exam Form Submission SQL Injection Vulnerability
Online Exam Form Submission is an online exam form submission application by janobe individual developers. A SQL injection vulnerability exists in Online Exam Form Submission version 1.0, which originates from an unknown section in /admin/updates6.php and results in a SQL injection via the...
CVE-2020-22334
Cross-Site Request Forgery (CSRF) vulnerability in beescms v4 allows attackers to delete the administrator account via a crafted request to /admin/adminadmin.php...
Image Optimizer by 10web < 1.0.27 - Admin+ Path Traversal
The plugin does not sanitize the dir parameter when handling the getsubdirs ajax action, allowing high-privileged users such as admins to inspect names of files and directories outside of the site's root. - Payload: ../../../../../../../../../../../../../../../../../../../ - At the "Other...
PT-2023-18236 · Campcodes · Campcodes Online Thesis Archiving System
Name of the Vulnerable Software and Affected Versions: Campcodes Online Thesis Archiving System version 1.0 Description: A critical issue has been found in the system, affecting the /admin/curriculum/view curriculum.php file. The manipulation of the id argument leads to SQL injection, allowing fo...
Sourcecodester Vehicle Service Management System SQL Injection Vulnerability
Sourcecodester Vehicle Service Management System is an open source PHP project: a simple web application for automotive repair/service stores or businesses. SourceCodester Vehicle Service Management System version 1.0 has a SQL injection vulnerability; the vulnerability stems from the path...
Photo Gallery by 10Web < 1.8.15 - Admin+ Path Traversal
- The plugin did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector. - Path Traversal Vulnerability also allows listing the entire folder & image file in the system. - The below...
CVE-2023-26956
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code...
taoCMS Cross-Site Request Forgery Vulnerability
taoCMS is a Chinese micro CMS (Content Management System). A security vulnerability exists in taoCMS version 3.0.2, which allows remote attackers to elevate privileges via taocms/admin/admin.php...
CVE-2022-46955
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=savequeue...