CVE-2022-50944

Aero CMS 0.0.1 is affected by a PHP code injection vulnerability. Authenticated attackers can upload PHP files via the image parameter to the admin posts.php endpoint with source=add_post, leading to server-side code execution. The vulnerability exposes high impact on confidentiality, integrity, ...

PT-2025-23433 · Unknown · Chaitak-Gorai Blogbook

Name of the Vulnerable Software and Affected Versions: chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513 Description: A critical vulnerability was found in chaitak-gorai Blogbook. The issue affects an unknown function of the file /admin/posts.php?source=add post, where the...

CVE-2022-28422

The CVE-2022-28422 entry concerns Baby Care System v1.0, which is vulnerable to a SQL injection in the administrative interface. Specifically, the weakness is exposed via /admin/posts.php&action=edit (per multiple sources, e.g., NVD entries and CNVD/CVE records). The root cause is an injectable S...

CVE-2021-46458

Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=addpost. This vulnerability can be exploited through a crafted POST request via the posttitle parameter...

Sql injection

Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=addpost. This vulnerability can be exploited through a crafted POST request via the posttitle parameter...

CVE-2021-46458

Victor CMS v1.0 contains a SQL injection in the admin/posts.php?source=add_post component. The vulnerability is exploitable via a crafted POST request to post_title, allowing an attacker to inject SQL statements through user input. According to NVD, CVSS metrics show a CVSS‑3.1 base score of 7.5 ...