250 matches found
CVE-2021-36823
CVE-2021-36823 affects the WordPress plugin AGCA – Absolutely Glamorous Custom Admin (version
WordPress WooCommerce Admin plugin <= 2.6.3 - Analytics Report Leaks vulnerability
Analytics Report Leaks vulnerability discovered in WordPress WooCommerce Admin plugin versions = 2.6.3. Solution Update the WordPress WooCommerce Admin plugin to the latest available version at least 2.6.4. Other patched versions of WooCommerce Admin: 1.0.4, 1.1.4, 1.2.5, 1.3.3, 1.4.1, 1.5.1,...
WordPress plugin Blue Admin 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Blog_mini 跨站脚本漏洞
Blogmini is an open source blogging system. blogmini version 1.0 has a cross-site scripting vulnerability, the vulnerability originates from the component /admin/custom/blog-plugin/add for parameters without effective validation and escaping, attackers use the vulnerability to execute arbitrary...
WordPress Blue Admin plugin <= 21.06.01 - Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery CSRF leading to Stored Cross-Site Scripting XSS discovered by ABISHEIK M in WordPress Blue Admin plugin versions = 21.06.01. Solution Deactivate and delete. This plugin has been closed as of May 28, 2021 and is not available for download. Reason: Security Issue...
Blue Admin <= 21.06.01 - CSRF to Stored Cross-Site Scripting (XSS)
The plugin does not sanitise or escape its "Logo Title" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack. PoC Add the...
GravCMS Remote Command Execution
This module exploits arbitrary config write/update vulnerability to achieve remote code execution. Unauthenticated users can execute a terminal command under the context of the web server user. Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify...
GravCMS 1.10.7 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GravCMS Remote Command Execution', 'Description' = %q This module exploits arbitrary config write/update vulnerability to achieve remote code...
GravCMS 1.10.7 Remote Command Execution Exploit
This Metasploit module exploits an arbitrary config write/update vulnerability to achieve remote code execution. Unauthenticated users can execute a terminal command under the context of the web server user. Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and...
CVE-2021-29439
The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission admin.login can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary code execution primitiv...
CVE-2021-29439
The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission admin.login can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary code execution primitiv...
Design/Logic Flaw
The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission admin.login can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary code execution primitiv...
CVE-2021-29439
The CVE-2021-29439 issue affects Grav CMS, specifically the Admin plugin prior to version 1.10.11. Root cause: improper privilege verification in the Admin controller/task dispatch allows users with the admin.login permission to install third‑party plugins and their dependencies, potentially enab...
CVE-2021-29439 Plugins can be installed with minimal admin privileges
The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission admin.login can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary code execution primitiv...
Grav 安全漏洞
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms, and one-page product displays. A security vulnerability exists in Grav admin plugin versions prior to 1.10.11, which can be exploited by attackers to execute arbitrary code...
PT-2021-18215 · Grav · Grav Admin Plugin
Name of the Vulnerable Software and Affected Versions: Grav admin plugin versions prior to 1.10.11 Description: The issue arises from incorrect verification of caller's privileges, allowing users with the admin.login permission to install third-party plugins and their dependencies. This can lead ...
CVE-2021-21425
Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in...
CVE-2021-21425
Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in...
CVE-2021-21425 Unauthenticated Arbitrary YAML Write/Update leads to Code Execution
Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in...
CVE-2021-21425
GravCMS (Grav Admin Plugin)