CVE-2026-5333

A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue affects some unknown processing of the file /admin/tools.php. The manipulation of the argument host results in command injection. The attack can be executed remotely. The exploit has been released to t...

EUVD-2015-9411

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload files containing JavaScript code that executes in the context of admin/tools.php when accessed by...

CVE-2022-28074

Halo-1.5.0 was discovered to contain a stored cross-site scripting XSS vulnerability via \admin\index.html/system/tools...

BloofoxCms 路径遍历漏洞

bloofoxCMS is a free open source PHP + MySQL based Web content management system . A directory traversal vulnerability exists in bloofoxCMS 0.5.2.1. An attacker can exploit this vulnerability by using the admin/index.php?mode=tools&page=upload URI to upload any .php file to . /media/images/...