137 matches found
Cxuucms SQL Injection Vulnerability
cxuucms is a PHP-based content relationship building system. cxuucms version 3.1 has a SQL injection vulnerability that originates from setting the pid parameter in public/admin.php, which can be exploited by attackers to obtain sensitive database information...
CVE-2021-34652
The Media Usage WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the /mmuadmin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.4...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress...
CVE-2020-21003
Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin.php...
AppCMS SQL Injection Vulnerability
APPCMS is a professional app content management system; the app application part needs to be used in combination with the data center. A SQL injection vulnerability exists in /admin/downloadframe.php in AppCMS version 2.0.101. An attacker can exploit this vulnerability to obtain sensitive information fro...
CVE-2020-18215
Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) adid, (2) menuid, and (3) cashoutid parameters, which could let a remote malicious user execute arbitrary code...
CXUUCMS Cross-Site Scripting Vulnerability (CNVD-2020-75073)
CxuuCms is an easy-to-use, open source PHP+Mysql based content management system. CXUUCMS 3.1 suffers from a reflective cross-site scripting vulnerability. Attackers can use the vulnerability to inject arbitrary Web script or HTML via the imgurl parameter of admin.php?c=content&a=add...
CXUUCMS Cross-Site Scripting Vulnerability
CxuuCms is an easy-to-use, open source PHP+Mysql based content management system. A cross-site scripting vulnerability exists in CXUUCMS V3. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via the first and third input fields of /public/admin.php...
Lexiglot Operating System Command Injection Vulnerability
Lexiglot is a translation platform written in PHP by the French software developer Damien Sorel. An operating system command injection vulnerability exists in the admin.php script in Lexiglot versions 2014-11-20 and earlier. An attacker can exploit this vulnerability by adding a new item to execu...
CVE-2018-19462
admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php...
WP Google Maps Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the wp-admin/admin.php file in versions of the WordPress...
CVE-2019-7569
An issue was discovered in DOYO aka doyocms 2.320140425 update. There is a CSRF vulnerability that can add a super administrator account via admin.php?c=aadminuser&a=add&run=1...
CVE-2018-19464
Discuz! X3.4 allows XSS via admin.php because admincp/admincpsetting.php and template\default\common\footer.htm mishandle the statcode field from third-party stats code...
DESTOON B2B Cross-Site Scripting Vulnerability (CNVD-2018-21497)
DESTOON B2B is an open source B2B e-commerce website management system based on PHP and MySQL. A cross-site scripting vulnerability exists in the admin/category.inc.php file in DESTOON B2B version 7.0. A remote attacker can inject arbitrary Web script or HTML by providing the 'categorycatname'...
CVE-2018-16315
In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add...
DamiCMS Directory Traversal Vulnerability
DamiCMS is a content management system (CMS) for building websites quickly. A directory traversal vulnerability exists in the admin.php file in DamiCMS version 6.0.1, which can be exploited to read the contents of the file with the help of the '|' character in the 's' parameter...
waimai Super Cms Cross Site Scripting Vulnerability
waimai Super Cms is a takeaway ordering system. The system is compatible with IE, Firefox, Chrome, Safari and Opera browsers. A cross-site scripting vulnerability exists in version 20150505 of waimai Super Cms. A remote attacker can exploit this vulnerability by sending the 'fcname' parameter to...
Sandoba CP:Shop './cpshop/' Module Cross-Site Scripting Vulnerability
Sandoba CP:Shop is an online store system from the German company Sandoba. The system provides sales management, financial management, site search and other functions. The './cpshop/' module of Sandoba CP:Shop version 2016.1 has a cross-site scripting vulnerability in the 'admin.php' file. The...
CVE-2018-12603
Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114...
WordPress responsive-coming-soon-page Plugin Cross-Site Scripting Vulnerability (CNVD-2018-01266)
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language. The platform supports setting up a personal blog site on PHP and MySQL servers. The responsive-coming-soon-page plugin is one of the test system maintenance plugins used in it. A cross-site scriptin...