Lucene search
K

121 matches found

OSV
OSV
added 2024/05/26 10:15 p.m.6 views

CVE-2024-5379

A vulnerability was found in JFinalCMS up to 20240111. It has been rated as problematic. This issue affects some unknown processing of the file /admin/template. The manipulation of the argument directory leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

5.4CVSS3.8AI score0.00368EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/05/26 12:0 a.m.2 views

JFinalCMS 跨站脚本漏洞

JFinalCMS is a content management system by heyewei personal developer. A cross-site scripting vulnerability exists in JFinalCMS version 20240111 and earlier, which stems from a cross-site scripting XSS vulnerability in the directory parameter of file /admin/template...

5.4CVSS4.4AI score0.00368EPSS
Exploits1References4
OSV
OSV
added 2024/05/07 7:15 p.m.4 views

CVE-2024-34314

CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the filegetcontents function in the fetchaction method of /admin/templateadmin.php. This vulnerability allows attackers to read arbitrary files...

4.9CVSS5.9AI score0.00446EPSS
Exploits0References1
OSV
OSV
added 2024/05/07 7:15 p.m.4 views

CVE-2024-34315

CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the filegetcontents function in the fckeditaction method of /admin/templateadmin.php. This vulnerability allows attackers to read arbitrary files...

7.5CVSS5.9AI score0.0067EPSS
Exploits1References1
OSV
OSV
added 2024/04/03 5:15 a.m.3 views

CVE-2024-31011

Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admintemplate.php...

9.8CVSS6.1AI score0.0123EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/04/02 12:0 a.m.7 views

PT-2024-23724 · Beescms · Beescms

Name of the Vulnerable Software and Affected Versions: beescms version 4.0 Description: The issue allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin template.php. This is an arbitrary file write vulnerability...

9.8CVSS8.1AI score0.0123EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/02/22 12:0 a.m.3 views

PT-2024-21145 · Cmseasy · Cmseasy

Name of the Vulnerable Software and Affected Versions: cmseasy version 7.7.7.9 Description: The issue is related to an arbitrary file deletion vulnerability. It affects the lib/admin/template admin.php file. Recommendations: For cmseasy version 7.7.7.9, consider restricting access to the...

4.9CVSS6.7AI score0.00614EPSS
Exploits1References5
OSV
OSV
added 2024/01/11 9:15 p.m.6 views

CVE-2024-0426

A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. This issue affects some unknown processing of the file admin/cmstemplate.php. The manipulation of the argument tname/tpath leads to sql injection. The attack may be initiated remotely. The exploit has...

9.8CVSS5.6AI score0.00657EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/01/11 12:0 a.m.4 views

ForU CMS SQL Injection Vulnerability

ForU CMS is a website builder system of ForU open source. ForU CMS 2020-06-23 and earlier versions exist SQL injection vulnerability , the vulnerability stems from the file admin/cmstemplate.php SQL injection vulnerability...

9.8CVSS7.9AI score0.00657EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/01/11 12:0 a.m.5 views

PT-2024-15549 · Foru Cms · Foru Cms

Name of the Vulnerable Software and Affected Versions: ForU CMS versions up to 2020-06-23 Description: A critical issue has been found in ForU CMS, affecting the processing of the file admin/cms template.php. The manipulation of the argument t name/t path leads to sql injection. The attack may be...

9.8CVSS6.9AI score0.00657EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2023/10/10 1:15 a.m.3 views

CVE-2023-44848

An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admintemplate.php component...

8.1CVSS6.2AI score0.00631EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/10 12:0 a.m.6 views

SeaCMS Security Vulnerability

SeaCMS is a free and open source web content management system written in PHP. The system is primarily designed to manage video-on-demand resources. A security vulnerability exists in SeaCMS version v.12.8, which originates from allowing an attacker to execute arbitrary code via the...

8.1CVSS7.7AI score0.00631EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/07/26 1:15 p.m.3 views

CVE-2023-37049

emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php...

6.5CVSS6.6AI score0.00578EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/07/26 12:0 a.m.15 views

CVE-2023-37049

emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php...

6.8AI score0.00578EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/07/26 12:0 a.m.4 views

emlog 安全漏洞

emlog is a PHP and MySQL based CMS builder for personal developers of emlog. A security vulnerability exists in version 2.1.9 of emlog, which stems from the ease of deleting arbitrary files via admin emplate.php...

6.5CVSS6.6AI score0.00578EPSS
Exploits1References2
OSV
OSV
added 2023/07/26 12:0 a.m.9 views

CVE-2023-37049

emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php...

6.5CVSS7AI score0.00578EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/03/07 12:0 a.m.5 views

PT-2023-20810 · Ecshop · Ecshop

Name of the Vulnerable Software and Affected Versions: EcShop version 4.1.5 Description: An arbitrary file upload issue in the /admin/template.php component allows attackers to execute arbitrary code via a crafted PHP file. Recommendations: For EcShop version 4.1.5, consider disabling the...

7.4AI score
Exploits0References3
OSV
OSV
added 2023/02/11 6:15 p.m.2 views

CVE-2023-0783

A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the component PHP File Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been...

9.8CVSS5.6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/02/11 12:0 a.m.7 views

PT-2023-16524 · Ecshop · Ecshop

Name of the Vulnerable Software and Affected Versions: EcShop version 4.1.5 Description: A critical issue affects the PHP File Handler component, specifically the /ecshop/admin/template.php file, leading to unrestricted upload. The attack can be initiated remotely. Recommendations: For EcShop...

9.8CVSS5.3AI score0.00875EPSS
Exploits1References8
CNNVD
CNNVD
added 2023/01/27 12:0 a.m.5 views

AyaCMS 安全漏洞

AyaCMS is an extremely simple and free open source PHP website builder. A security vulnerability exists in AyaCMS version v3.1.2, which stems from its /admin/tpledit.inc.php component that allows an attacker to achieve remote code execution...

7.2CVSS7.5AI score0.01357EPSS
Exploits1References2
Rows per page
Query Builder