121 matches found
CVE-2024-5379
A vulnerability was found in JFinalCMS up to 20240111. It has been rated as problematic. This issue affects some unknown processing of the file /admin/template. The manipulation of the argument directory leads to cross site scripting. The attack may be initiated remotely. The exploit has been...
JFinalCMS 跨站脚本漏洞
JFinalCMS is a content management system by heyewei personal developer. A cross-site scripting vulnerability exists in JFinalCMS version 20240111 and earlier, which stems from a cross-site scripting XSS vulnerability in the directory parameter of file /admin/template...
CVE-2024-34314
CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the filegetcontents function in the fetchaction method of /admin/templateadmin.php. This vulnerability allows attackers to read arbitrary files...
CVE-2024-34315
CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the filegetcontents function in the fckeditaction method of /admin/templateadmin.php. This vulnerability allows attackers to read arbitrary files...
CVE-2024-31011
Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admintemplate.php...
PT-2024-23724 · Beescms · Beescms
Name of the Vulnerable Software and Affected Versions: beescms version 4.0 Description: The issue allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin template.php. This is an arbitrary file write vulnerability...
PT-2024-21145 · Cmseasy · Cmseasy
Name of the Vulnerable Software and Affected Versions: cmseasy version 7.7.7.9 Description: The issue is related to an arbitrary file deletion vulnerability. It affects the lib/admin/template admin.php file. Recommendations: For cmseasy version 7.7.7.9, consider restricting access to the...
CVE-2024-0426
A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. This issue affects some unknown processing of the file admin/cmstemplate.php. The manipulation of the argument tname/tpath leads to sql injection. The attack may be initiated remotely. The exploit has...
ForU CMS SQL Injection Vulnerability
ForU CMS is a website builder system of ForU open source. ForU CMS 2020-06-23 and earlier versions exist SQL injection vulnerability , the vulnerability stems from the file admin/cmstemplate.php SQL injection vulnerability...
PT-2024-15549 · Foru Cms · Foru Cms
Name of the Vulnerable Software and Affected Versions: ForU CMS versions up to 2020-06-23 Description: A critical issue has been found in ForU CMS, affecting the processing of the file admin/cms template.php. The manipulation of the argument t name/t path leads to sql injection. The attack may be...
CVE-2023-44848
An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admintemplate.php component...
SeaCMS Security Vulnerability
SeaCMS is a free and open source web content management system written in PHP. The system is primarily designed to manage video-on-demand resources. A security vulnerability exists in SeaCMS version v.12.8, which originates from allowing an attacker to execute arbitrary code via the...
CVE-2023-37049
emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php...
CVE-2023-37049
emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php...
emlog 安全漏洞
emlog is a PHP and MySQL based CMS builder for personal developers of emlog. A security vulnerability exists in version 2.1.9 of emlog, which stems from the ease of deleting arbitrary files via admin emplate.php...
CVE-2023-37049
emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php...
PT-2023-20810 · Ecshop · Ecshop
Name of the Vulnerable Software and Affected Versions: EcShop version 4.1.5 Description: An arbitrary file upload issue in the /admin/template.php component allows attackers to execute arbitrary code via a crafted PHP file. Recommendations: For EcShop version 4.1.5, consider disabling the...
CVE-2023-0783
A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the component PHP File Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been...
PT-2023-16524 · Ecshop · Ecshop
Name of the Vulnerable Software and Affected Versions: EcShop version 4.1.5 Description: A critical issue affects the PHP File Handler component, specifically the /ecshop/admin/template.php file, leading to unrestricted upload. The attack can be initiated remotely. Recommendations: For EcShop...
AyaCMS 安全漏洞
AyaCMS is an extremely simple and free open source PHP website builder. A security vulnerability exists in AyaCMS version v3.1.2, which stems from its /admin/tpledit.inc.php component that allows an attacker to achieve remote code execution...