CVE-2025-55910
CMSEasy is affected by CVE-2025-55910: versions 7.7.8.0 and earlier are vulnerable to arbitrary file deletion via database_admin.php. The root cause is an issue in CMSEasy’s database_admin.php handling that allows deletion of arbitrary files. Reported references across multiple sources confirm th...
PT-2025-38574
Name of the Vulnerable Software and Affected Versions: CMSEasy versions prior to 7.7.8.0 Description: CMSEasy versions prior to 7.7.8.0 are susceptible to arbitrary file deletion through the database admin.php file. Recommendations: Update to a version newer than 7.7.8.0...
CVE-2025-8434
A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been classified as critical. Affected is an unknown function of the file /admin.php. The manipulation of the argument ID leads to missing authorization. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-7557
A vulnerability has been found in code-projects Voting System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/votersrow.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit h...
CVE-2025-5371 SourceCodester Health Center Patient Record Management System admin.php sql injection
A vulnerability, which was classified as critical, has been found in SourceCodester Health Center Patient Record Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin.php. The manipulation of the argument Username leads to sql injection. The attack m...
CVE-2024-5380
A vulnerability classified as problematic has been found in jsy-1 short-url 1.0.0. Affected is an unknown function of the file admin.php. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.0 is able to address...
CVE-2023-1720
Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through...
CVE-2022-29670
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/del...
CVE-2014-8941
Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=usersid= or admin.php?page=history= URI...
CVE-2019-17580
tonyy dormsystem through 1.3 allows SQL Injection in admin.php...
CVE-2024-48707
Collabtive 3.1 is vulnerable to cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within managemilestone.php file and (b) action=addpro within admin.php file...
Collabtive Cross-Site Scripting Vulnerability
Collabtive is a web-based project management system. The system includes features such as project management, document management and time tracking. A security vulnerability exists in Collabtive version 3.1, which originates from a cross-site scripting attack via the name parameter when...
SimpCMS Security Vulnerability
SimpCMS is an easy-to-use CMS based on PureEdit. A cross-site scripting vulnerability exists in SimpCMS version 0.1, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary web script or HTML via a...
PT-2024-28408 · Simpcms · Simpcms
Name of the Vulnerable Software and Affected Versions: SimpCMS version 0.1 Description: A cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field at the "/admin.php" API endpoint. Recommendations: For...
Short Link System Cross-Site Scripting Vulnerability
Short Link System is an application from the Tech Cloud team that makes long links short in seconds. A cross-site scripting (XSS) vulnerability exists in Short Link System version 1.0.0, in the url parameter of the file admin.php...
PT-2024-24137 · Cmseasy · Cmseasy
Name of the Vulnerable Software and Affected Versions: cmseasy version 7.7.7.9 20240105 Description: The issue allows attackers to delete arbitrary files via a crafted GET request, exploiting a Directory Traversal vulnerability in the lib/admin/image.admin.php file. Recommendations: For cmseasy...
SourceCodester Task Management System Security Vulnerability
SourceCodester Task Management System is a task management system. A security vulnerability exists in SourceCodester Task Management System v1.0 that could allow a remote attacker to execute arbitrary code, elevate privileges, and obtain sensitive information via update-admin.php using a crafted...
Internship Portal Management System SQL Injection Vulnerability
Internship Portal Management System is an internship portal management system by the individual developer ChatikoboL. A SQL injection vulnerability exists in Internship Portal Management System version 1.0, which originates from a SQL injection vulnerability in the username/password parameter of...
CVE-2024-1018
A vulnerability classified as problematic has been found in PbootCMS 3.2.5-20230421. Affected is an unknown function of the file /admin.php?p=/Area/indextab=t2. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...
CVE-2023-7096
A flaw has been found in code-projects Faculty Management System 1.0. The affected element is an unknown function of the file /admin/php/crud.php. This manipulation of the argument fieldname/tablename causes sql injection. The attack is possible to be carried out remotely. The exploit has been...