PT-2026-45427

A vulnerability was identified in itsourcecode Content Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit topic.php. Such manipulation of the argument topic id leads to sql injection. The attack may be launched remotely. The exploit is publicly...

CVE-2026-27935

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a vulnerability in an API endpoint that discloses private topic metadata of admin users to moderator users even if the moderators do not have access to the private topics. Versions...

CVE-2026-27935

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a vulnerability in an API endpoint that discloses private topic metadata of admin users to moderator users even if the moderators do not have access to the private topics. Versions...

EUVD-2026-13239

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a vulnerability in an API endpoint that discloses private topic metadata of admin users to moderator users even if the moderators do not have access to the private topics. Versions...

Exploit for CVE-2025-8550

CVE-2025-8550 – atjiu pybbs XSS Exploit Description This...

pybbs 代码注入漏洞

pybbs is a community platform for Java development by iuiu individual developers. A code injection vulnerability exists in pybbs 6.0.0 and earlier versions, which stems from improper handling of the parameter Username in the file /admin/topic/list, which could lead to a cross-site scripting attac...

SeaCMS 安全漏洞

SeaCMS is a free, open source web content management system written in PHP by SeaCMS, Inc. The system is primarily designed to manage video-on-demand resources. A security vulnerability exists in SeaCMS v13.3, which stems from mishandling of the admintopic.php component, which could lead to SQL...

CVE-2025-3797

A vulnerability classified as critical was found in SeaCMS up to 13.3. This vulnerability affects unknown code of the file /admintopic.php?action=delall. The manipulation of the argument eid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public...

SeaCMS 注入漏洞

SeaCMS is a free, open source web content management system written in PHP by SeaCMS, Inc. The system is primarily designed to manage video-on-demand resources. An injection vulnerability exists in SeaCMS 13.3 and earlier versions, which stems from an SQL injection due to the operation of the...

CVE-2022-29665

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save...

CVE-2022-29665

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save...

CVE-2022-29682

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/vod/admin/topic/del...

CVE-2022-29682

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/vod/admin/topic/del...

CVE-2022-29665

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save...

CSCMS Music Portal SystemSQL注入漏洞

CSCMS Music Portal System is a diversified content management system from China Sunshine Network Technology CSCMS, Inc. A SQL injection vulnerability exists in CSCMS Music Portal System, which originates from the missing id parameter of /admin.php/news/admin/topic/save validation of external inpu...

CSCMS Music Portal System SQL注入漏洞

CSCMS Music Portal System is a diversified content management system of China Chong Sheng Network Technology CSCMS Company. CSCMS Music Portal System suffers from a SQL injection vulnerability that originates from the lack of validation of the id parameter in /admin.php/vod/admin/topic/del for...

CVE-2020-35337

ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands...

SQL Injection Vulnerability in Ocean CMS tid Parameter

Ocean CMS is an open source website builder. An SQL injection vulnerability exists in the admintopicvod.php page of Ocean CMS 6.46 utf-8 official. The lack of filtering of the 'tid' parameter allows an attacker to exploit the vulnerability to obtain sensitive information about the database...

boastmachine-session.txt

Vagrant - E-hack.org 05.22.2007 BoastMachine v3.0 platinum - Session Ýd Hacking After the login into the site which alllows new user registration. Site user's data which is entered to change the topic, can be changed by another user, and that is a security hole because of ID interchangeability in...

CVE-2006-5209

PHP remote file inclusion vulnerability in admin/admintopicactionlogging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...