74 matches found
Code-Projects Modern Bag Injection Vulnerability
Modern Bag is an online management system. Modern Bag suffers from an SQL injection vulnerability: the idStatus parameter in the file /admin/contact-list.php lacks validation of externally entered SQL statements. An attacker can use this vulnerability to execute illega...
SourceCodester Student Result Management System Code Injection Vulnerability
SourceCodester Student Result Management System is a SourceCodester open source student result management system. A code injection vulnerability exists in SourceCodester Student Result Management System version 1.0, which originates from a cross-site scripting attack due to incorrect manipulation...
CVE-2023-1961
A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/?page=systeminfo. The manipulation of the argument System Name leads to cross site scripting. It is possible to launch the...
CVE-2020-28845
A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject a malicious payload into the admin's portal, leading to compromise of the admin's system...
PT-2025-4010 · Joeybling · Bootplus
Name of the Vulnerable Software and Affected Versions: JoeyBling bootplus versions up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d Description: A critical issue has been found in JoeyBling bootplus, affecting an unknown part of the file /admin/sys/user/list. The manipulation of the sort argument...
CVE-2024-10202 Wellchoose Administrative Management System - OS Command Injection
Administrative Management System from Wellchoose has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands...
CVE-2024-10201 Wellchoose Administrative Management System - Arbitrary File Upload
Administrative Management System from Wellchoose does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells...
CVE-2024-10200 Wellchoose Administrative Management System - Arbitrary File Read through Path Traversal
Administrative Management System from Wellchoose has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to download arbitrary files on the server...
CVE-2024-7917
A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument sitefavicon leads to unrestricted upload. The...
CVE-2024-7580
A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/system.html. The manipulation of the argument uploadedFile with the input ;whoami leads to os command injection. The...
Alien ALR-F800 OS Command Injection Vulnerability
The Alien ALR-F800 is an RFID sensor from Alien. An operating system command injection vulnerability exists in the Alien ALR-F800 version 19.10.24.00 and prior versions, which stems from the uploadedFile parameter in the /admin/system.html file containing an operating system command injection...
GHSA-5VRP-638W-P8M2 Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs
Impact: This XSS vulnerability is about the system configs design/header/welcome, design/header/logosrc, design/header/logosrcsmall, design/header/logoalt. They are intended to enable admins to set a text in the two cases, and to define an image url for the other two cases. But because of previously...
CVE-2024-41676 Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs
Magento-lts is a long-term support alternative to Magento Community Edition (CE). This XSS vulnerability affects the design/header/welcome, design/header/logosrc, design/header/logosrcsmall, and design/header/logoalt system configs. They are intended to enable admins to set a text in the two cases,...
CVE-2024-24160
MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do...
MRCMS Security Vulnerabilities
MRCMS is a content management system by the individual developer marker. A security vulnerability exists in MRCMS version 3.0, which was discovered to contain a cross-site scripting (XSS) vulnerability via /admin/system/saveinfo.do...
CVE-2021-31280
An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the keywords parameter...