Lucene search
K

70 matches found

NVD
NVD
added 2025/08/14 12:15 p.m.6 views

CVE-2025-8960

A vulnerability has been found in Campcodes Online Flight Booking Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/saveairlines.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been...

9.8CVSS0.00463EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/08/14 11:32 a.m.8 views

CVE-2025-8960 Campcodes Online Flight Booking Management System save_airlines.php sql injection

A vulnerability has been found in Campcodes Online Flight Booking Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/saveairlines.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been...

7.5CVSS0.00463EPSS
Exploits0References6
CVE
CVE
added 2025/08/10 12:2 p.m.19 views

CVE-2025-8808

CVE-2025-8808 affects xujeff tianti 天梯 up to 2.3. The vulnerability is in the exportOrder function of /tianti-module-admin/user/ajax/save within com.jeff.tianti.controller, enabling CSV injection. Exploitation appears possible remotely and public disclosures exist. Multiple connected sources conf...

5.3CVSS7.4AI score0.00257EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/11/13 12:0 a.m.2 views

PublicCMS 安全漏洞

PublicCMS is an open source content management system CMS written in Java by PublicCMS China. A security vulnerability exists in PublicCMS version 5.202406.d. The vulnerability stems from some unknown handling of the file /admin/cmsVote/save that can lead to cross-site scripting...

5.3CVSS4.5AI score0.00486EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/07/29 12:0 a.m.3 views

Complaints Report Management System 跨站脚本漏洞

Complaints Report Management System is a Complaints Report Management System by Carlo Montero Personal Developer. A cross-site scripting vulnerability exists in version 1.0 of the Complaints Report Management System, which stems from a cross-site scripting vulnerability in the name parameter of t...

5.4CVSS4.5AI score0.00422EPSS
Exploits1References5
OSV
OSV
added 2023/09/29 2:15 p.m.2 views

CVE-2023-5263

A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been...

8.8CVSS5.3AI score0.00643EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/09/29 12:0 a.m.4 views

PT-2023-31984 · Zzcms · Zzcms

Name of the Vulnerable Software and Affected Versions: ZZZCMS version 2.1.7 Description: A critical issue was found in the restore function of the /admin/save.php file, part of the Database Backup File Handler component. This issue leads to permission problems and can be exploited remotely. The...

8.8CVSS6.5AI score0.00643EPSS
Exploits1References7
OSV
OSV
added 2023/05/19 5:15 p.m.4 views

CVE-2023-2814

A vulnerability classified as problematic has been found in SourceCodester Class Scheduling System 1.0. Affected is an unknown function of the file /admin/saveteacher.php of the component POST Parameter Handler. The manipulation of the argument AcademicRank leads to cross site scripting. It is...

6.1CVSS3.9AI score0.0059EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/05/19 12:0 a.m.6 views

PT-2023-21588 · Sourcecodester · Sourcecodester Class Scheduling System

Name of the Vulnerable Software and Affected Versions: SourceCodester Class Scheduling System version 1.0 Description: A problematic vulnerability has been found in the SourceCodester Class Scheduling System. The issue affects an unknown function of the file /admin/save teacher.php, specifically...

6.1CVSS4.3AI score0.0059EPSS
Exploits1References5
OSV
OSV
added 2023/05/08 2:15 p.m.3 views

CVE-2020-36065

Cross Site Request Forgery CSRF vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/adminsave...

8.8CVSS5.9AI score0.00337EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/05/08 12:0 a.m.7 views

PT-2023-11799 · Flycms · Flycms

Name of the Vulnerable Software and Affected Versions: FlyCms version 1.0 Description: A Cross Site Request Forgery CSRF issue allows attackers to add arbitrary administrator accounts via the "system/admin/admin save" endpoint. This can be exploited by attackers to gain unauthorized access to the...

8.8CVSS7.4AI score0.00337EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/05/26 2:15 p.m.5 views

CVE-2022-29661

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save...

7.2CVSS6AI score0.00896EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/05/26 12:0 a.m.6 views

CSCMS Music Portal System SQL注入漏洞

CSCMS Music Portal System is a diversified content management system from China Sunshine Network Technology CSCMS, Inc. A SQL injection vulnerability exists in CSCMS Music Portal System, which originates from the missing id parameter of /admin.php/news/admin/news/save validation of external input...

7.2CVSS6.1AI score0.00793EPSS
Exploits1References2
Prion
Prion
added 2022/05/17 4:15 p.m.17 views

Cross site scripting

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting XSS via /admin/users/save.php...

3.5CVSS5.2AI score0.0154EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2021/09/15 5:15 p.m.2 views

CVE-2020-21126

MetInfo 7.0.0 contains a Cross-Site Request Forgery CSRF via admin/?n=admin&c=index&a=doSaveInfo...

8.8CVSS7.3AI score0.00612EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/08/02 12:0 a.m.4 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

4.8CVSS5.2AI score0.00547EPSS
Exploits1References3
OSV
OSV
added 2021/05/10 6:15 p.m.2 views

CVE-2020-19199

A Cross Site Request Forgery CSRF vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code...

8.8CVSS6AI score0.00913EPSS
Exploits1References1
CNVD
CNVD
added 2020/03/16 12:0 a.m.3 views

Chadha PHPKB Remote Code Execution Vulnerability

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A remote code execution vulnerability exists in admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9. A remote attacker...

7.2CVSS8.2AI score0.04884EPSS
Exploits5References1
OSV
OSV
added 2020/03/12 2:15 p.m.3 views

CVE-2020-10452

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/save-article.php by adding a question mark ? followed by the payload...

4.8CVSS5.9AI score0.00733EPSS
Exploits3References2
OSV
OSV
added 2020/03/12 2:15 p.m.4 views

CVE-2020-10390

OS Command Injection in export.php vulnerable function called from include/functions-article.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.php...

7.2CVSS7.2AI score0.04326EPSS
Exploits1References2
Rows per page
Query Builder