70 matches found
CVE-2025-8960
A vulnerability has been found in Campcodes Online Flight Booking Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/saveairlines.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been...
CVE-2025-8960 Campcodes Online Flight Booking Management System save_airlines.php sql injection
A vulnerability has been found in Campcodes Online Flight Booking Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/saveairlines.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been...
CVE-2025-8808
CVE-2025-8808 affects xujeff tianti 天梯 up to 2.3. The vulnerability is in the exportOrder function of /tianti-module-admin/user/ajax/save within com.jeff.tianti.controller, enabling CSV injection. Exploitation appears possible remotely and public disclosures exist. Multiple connected sources conf...
PublicCMS 安全漏洞
PublicCMS is an open source content management system CMS written in Java by PublicCMS China. A security vulnerability exists in PublicCMS version 5.202406.d. The vulnerability stems from some unknown handling of the file /admin/cmsVote/save that can lead to cross-site scripting...
Complaints Report Management System 跨站脚本漏洞
Complaints Report Management System is a Complaints Report Management System by Carlo Montero Personal Developer. A cross-site scripting vulnerability exists in version 1.0 of the Complaints Report Management System, which stems from a cross-site scripting vulnerability in the name parameter of t...
CVE-2023-5263
A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been...
PT-2023-31984 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: ZZZCMS version 2.1.7 Description: A critical issue was found in the restore function of the /admin/save.php file, part of the Database Backup File Handler component. This issue leads to permission problems and can be exploited remotely. The...
CVE-2023-2814
A vulnerability classified as problematic has been found in SourceCodester Class Scheduling System 1.0. Affected is an unknown function of the file /admin/saveteacher.php of the component POST Parameter Handler. The manipulation of the argument AcademicRank leads to cross site scripting. It is...
PT-2023-21588 · Sourcecodester · Sourcecodester Class Scheduling System
Name of the Vulnerable Software and Affected Versions: SourceCodester Class Scheduling System version 1.0 Description: A problematic vulnerability has been found in the SourceCodester Class Scheduling System. The issue affects an unknown function of the file /admin/save teacher.php, specifically...
CVE-2020-36065
Cross Site Request Forgery CSRF vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/adminsave...
PT-2023-11799 · Flycms · Flycms
Name of the Vulnerable Software and Affected Versions: FlyCms version 1.0 Description: A Cross Site Request Forgery CSRF issue allows attackers to add arbitrary administrator accounts via the "system/admin/admin save" endpoint. This can be exploited by attackers to gain unauthorized access to the...
CVE-2022-29661
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save...
CSCMS Music Portal System SQL注入漏洞
CSCMS Music Portal System is a diversified content management system from China Sunshine Network Technology CSCMS, Inc. A SQL injection vulnerability exists in CSCMS Music Portal System, which originates from the missing id parameter of /admin.php/news/admin/news/save validation of external input...
Cross site scripting
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting XSS via /admin/users/save.php...
CVE-2020-21126
MetInfo 7.0.0 contains a Cross-Site Request Forgery CSRF via admin/?n=admin&c=index&a=doSaveInfo...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
CVE-2020-19199
A Cross Site Request Forgery CSRF vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code...
Chadha PHPKB Remote Code Execution Vulnerability
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A remote code execution vulnerability exists in admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9. A remote attacker...
CVE-2020-10452
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/save-article.php by adding a question mark ? followed by the payload...
CVE-2020-10390
OS Command Injection in export.php vulnerable function called from include/functions-article.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.php...