CVE-2023-49490
XunRuiCMS v4.5.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin.php...
CVE-2023-46958
An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file...
Read More & Accordion < 3.2.7 - Admin+ PHP Object Injection
Description The plugin unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. PoC To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup :...
PT-2023-11568 · Pluck Cms · Pluck Cms
Name of the Vulnerable Software and Affected Versions: Pluck CMS version 4.7.10-dev2 Description: The issue allows a remote attacker to execute arbitrary php code via the hidden parameter to "admin.php" when editing a page. Recommendations: For Pluck CMS version 4.7.10-dev2, as a temporary...
CVE-2023-34880
cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the addaction method at lib/admin/languageadmin.php. This vulnerability allows attackers to execute arbitrary code and perform a local file inclusion...
Bus Dispatch and Information System SQL Injection Vulnerability
Bus Dispatch and Information System is a bus dispatch and information system. A SQL injection vulnerability exists in Bus Dispatch and Information System version 1.0, which stems from an unknown function in viewadmin.php that causes SQL injection via the parameter branchid...
PT-2023-16334 · Unknown · Sourcecodester Online Tours & Travels Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown part of the file admin/abc.php. The manipulation of the id argument leads to SQL injection. I...
Dynamic Transaction Queuing System SQL Injection Vulnerability
Dynamic Transaction Queuing System is a dynamic transaction queuing system using PHP/MySQL by Carlo Montero, a personal developer. A security vulnerability exists in Dynamic Transaction Queuing System v1.0, which stems from the id parameter of its /admin/ajax.php?action=savequeue component that...
CVE-2022-4043 WP Custom Admin Interface < 7.29 - Admin+ PHP Object Injection
The WP Custom Admin Interface WordPress plugin before 7.29 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
PT-2022-24990 · Unknown · Pingkon Hms-Php
Name of the Vulnerable Software and Affected Versions: Pingkon HMS-PHP affected versions not specified Description: A critical vulnerability has been found in Pingkon HMS-PHP, affecting an unknown function of the file /admin/admin.php of the component Data Pump Metadata. The manipulation of the...
CVE-2022-27413
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php...
CVE-2022-26573
Maccms v10 was discovered to contain multiple reflected cross-site scripting XSS vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters...
Maccms Cross-Site Scripting Vulnerability
Maccms is a PHP-based film and television content management system (CMS). A cross-site scripting vulnerability exists in Maccms v10, which stems from the wd parameter in /admin.php/admin/ulog/index.html lacking validation and filtering of user-supplied input and output data; an attacker can us...
CVE-2022-25403
HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php...
JqueryForm.com Jquery Form Builder Security Vulnerability
JqueryForm.com Jquery Form Builder is a form builder from JqueryForm.com, Inc. An information disclosure vulnerability exists in the JqueryForm.com Jquery Form Builder, which stems from forms generated by JQueryForm.com prior to February 5, 2022 that allow a remote authenticated attacker to acces...
Cacti Cross-Site Scripting Vulnerability
Cacti is an open source set of network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, uses RRDtool to draw graphs for analysis, and provides data and user management features. A cross-site scripting vulnerability exists in Cacti, which stems from Cac...
ZZCMS Security Vulnerability
ZZCMS is a content management system (CMS) from the Zzcms team in China. ZZCMS suffers from an access control vulnerability in admin.php, which can be exploited by an attacker to directly access the administrator console afte...
CVE-2021-34650
The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the /admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6...
CVE-2021-38334
The WP Design Maps & Places WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the filename parameter found in the /wpdmp-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2...
WordPress Plugin SQL Injection Vulnerability
WordPress Plugin is an open source application plugin for WordPress. A SQL injection vulnerability exists in the WordPress Membership SwiftCloud.io plugin, which stems from the product's /wp-admin/admin.php?page endpoint failing to properly check the user-supplied ID parameter of a GET request...