403 matches found
CVE-2022-27477
Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit...
CVE-2022-1288
A vulnerability, which was classified as problematic, has been found in School Club Application System 1.0. This issue affects access to /scas/admin/. The manipulation of the parameter page with the input %22%3E%3Cimg%20src=x%20onerror=alert1%3E leads to a reflected cross site scripting. The atta...
CVE-2022-27884
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter...
CVE-2022-24602
Luocms v2.0 is affected by SQL Injection in /admin/news/newsmod.php...
CVE-2020-21236
A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie...
ZZCMS Cross-Site Scripting Vulnerability
ZZZCMS is a content management system (CMS) from the ZZZCMS team in China. ZZZCMS suffers from a cross-site scripting vulnerability that stems from a lack of validation and filtering of user-supplied data and output data in the editfile action of /adminxxx/save.php. An attacker could exploit the...
S-CMS Cross-Site Scripting Vulnerability
S-CMS is a PHP and MySQL based content management system (CMS) from S-CMS, China. S-CMS build 20191014 and earlier versions suffer from a cross-site scripting (XSS) vulnerability that allows remote attackers to execute arbitrary code via the Site Title...
bycms Cross-Site Request Forgery Vulnerability
bycms is a simple, easy-to-use content management system. A cross-site request forgery vulnerability exists in bycms v1.3, which can be triggered by an attacker via admin.php/systems/index/moduleid/70/groupid/1.html...
CVE-2020-22206
SQL Injection in ECShop 3.0 via the aid parameter to admin/affiliateck.php...
CVE-2020-36005
AppCMS 2.0.101 in /admin/app.php has an arbitrary file deletion vulnerability which allows attackers to delete arbitrary files on the site...
PT-2021-18215 · Grav · Grav Admin Plugin
Name of the Vulnerable Software and Affected Versions: Grav admin plugin versions prior to 1.10.11
Description: The issue arises from incorrect verification of the caller's privileges, allowing users with the admin.login permission to install third-party plugins and their dependencies. This can lead ...
Smartstore SmartStoreNET Cross-Site Request Forgery Vulnerability
Smartstore SmartStoreNET is an open source e-commerce web platform from the German company Smartstore. The platform includes CRM, CMS, sales, marketing, payment, order processing and other functions. A cross-site request forgery vulnerability exists in Smartstore SmartStoreNET versions prior to 4.1.0...
CVE-2019-16997
In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/languagegeneral.class.php via the admin/?n=language&c=languagegeneral&a=doExportPack appno parameter...
CVE-2019-9912
The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATHINFO...
LFCMS Directory Traversal Vulnerability
Lei Feng TV CMS (aka LFCMS) is a video-on-demand system developed using PHP and MySQL. A directory traversal vulnerability exists in the http://www.a.com:84/admin.php?s=/Template/index.html page of LFCMS version 3.8.6. An attacker can exploit this vulnerability with the help of the '...' sequence in the Template/edit/path URIs...
DamiCMS Arbitrary File Read Vulnerability
DamiCMS is a content management system (CMS) for building websites quickly. A security vulnerability exists in DamiCMS version 6.0.1. A remote attacker can exploit the vulnerability by sending a specially crafted request admin.php?s=Tpl/Add/id to read arbitrary files...
tp5cms cross-site scripting vulnerability (CNVD-2018-26479)
tp5cms is a content management system (CMS) framework written in the PHP language and based on technologies such as ThinkPHP, swiper and bootstrap. A cross-site scripting vulnerability exists in the admin.php/system/set.html page in tp5cms 2017-05-25 and earlier versions. A remote attacker can...
CVE-2018-18773
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password...
XiaoCms Information Disclosure Vulnerability
XiaoCms is a lightweight content management system (CMS) based on PHP and MySQL and capable of running on Linux, Windows and other platforms. A security vulnerability exists in /admin/index.php?c=database in XiaoCms version 20141229. The vulnerability can be exploited to obtain the full path with t...
CVE-2018-18741
An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMSDownload.php?lgid=1 during editing...