403 matches found
Catfish CMS Cross-Site Request Forgery Vulnerability
Catfish CMS is an open source content management system (CMS) written in PHP. A cross-site request forgery vulnerability exists in the admin/Index/addmanageuser.html page in Catfish CMS version 4.8.30, which can be exploited by remote attackers to add users...
YUNUCMS cross-site scripting vulnerability (CNVD-2018-23278)
YUNUCMS is a three-network, self-substation open source content management system. A cross-site scripting vulnerability exists in admin/sitelink/editsitelink?id=16 in YUNUCMS 1.1.5; attackers can exploit the vulnerability to carry out cross-site attacks...
CVE-2018-18420
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in version 8.3 of Zenario Content Management System via the admin/organizer.ajax.php?path=zenariocontent%2Fpanels%2Fcontent URI...
Hot Drama CMS v2.1 has a logic flaw vulnerability
Hot Drama CMS is a movie and TV site building system developed with PHP+MySQL. There is a logic flaw vulnerability in /admin/cm.php in Hot Drama CMS v2.1, which can be exploited by an attacker to log in to the administration backend by modifying the cookie value...
CVE-2018-16447
Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF...
CVE-2018-16373
Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/filemanager/save...
WUZHI CMS SQL Injection Vulnerability (CNVD-2018-18142)
WUZHI CMS is an open source content management system (CMS) based on PHP and MySQL, from the Chinese company WUZHI (Five Fingers) Internet Technology. A SQL injection vulnerability exists in the /coreframe/app/admin/pay/admin/index.php file in WUZHI CMS version 4.1.0. A remote attacker can exploit this...
LiteCart File Upload Vulnerability
LiteCart is a free PHP-based e-commerce platform. The platform provides product categorization, payment checkout, a search engine and other functions. A security vulnerability exists in the admin/vqmods.app/vqmods.inc.php file in LiteCart versions prior to 2.1.3. A remote attacker can exploit th...
SeaCMS Cross-Site Request Forgery Vulnerability
SeaCMS (Ocean CMS) is a professional, free, open source PHP film and television system. SeaCMS version 6.61 suffers from a cross-site request forgery vulnerability, which can be exploited by an attacker to add a user account via adm1n/adminmanager.php?action=add...
CVE-2018-13444
An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add an admin account via adm1n/adminmanager.php?action=save&id=2...
Directory traversal
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/list.html?path=../ URI...
HongCMS Cross-Site Request Forgery Vulnerability
HongCMS is an open source lightweight content management system (CMS). A cross-site request forgery vulnerability exists in HongCMS version 3.0.0. A remote attacker can exploit this vulnerability to add an administrator account via the admin/index.php/users/save URI...
CVE-2018-9921
In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksum. The attack uses an admin/checksum.php?c= request...
iScripts SupportDesk txtinteligentsearch parameter cross-site scripting vulnerability
iScripts SupportDesk is a customizable web-based helpdesk software for comprehensive customer support. A cross-site scripting vulnerability exists in iScripts SupportDesk v4.3. The vulnerability can be exploited to conduct a cross-site scripting attack via the txtinteligentsearch parameter in...
WordPress responsive-coming-soon-page plugin cross-site scripting vulnerability (CNVD-2018-01256)
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports setting up personal blog sites on PHP and MySQL servers. The responsive-coming-soon-page plugin is one of its test system maintenance plugins. A cross-site scriptin...
WordPress E-goi Smart Marketing SMS and Newsletters Forms Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports setting up personal blog sites on PHP and MySQL servers. E-goi Smart Marketing SMS and Newsletters Forms plugin is one of the plugins used in the support of customizable forms...
CVE-2017-18010
The E-goi Smart Marketing SMS and Newsletters Forms plugin before 2.0.0 for WordPress has XSS via the admin/partials/custom/egoi-for-wp-formegoi.php url parameter...
WordPress PopCash.Net Code Integration Tool plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports setting up personal blog sites on PHP and MySQL servers. The PopCash.Net Code Integration Tool plugin is one of its code integration tools. A cross-site scripting...
File upload vulnerability in semcms shqk_Admin/SEMCMS_Upfile.php file
SemCms is an open source website management system for foreign trade enterprises, compatible with IE, Firefox and other mainstream browsers. The PHP version of SemCms is written in PHP and runs with Apache on Windows or Linux systems. Semcms...
HelpDEZk Cross-Site Request Forgery Vulnerability
HelpDEZk is a suite of PHP-based software for managing requests and events. A cross-site request forgery vulnerability exists in admin/home/person/ in HelpDEZk. It allows remote attackers to construct malicious URIs and trick users into parsing them, which can be used to perform malicious actions an...