55 matches found
php imap_open Remote Code Execution
The imapopen function within php, if called without the /norsh flag, will attempt to preauthenticate an IMAP session. On Debian based systems, including Ubuntu, rsh is mapped to the ssh binary. Ssh's ProxyCommand option can be passed from imapopen to execute arbitrary commands. While many custom...
CVE-2018-19291
An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI...
DiliCMS Cross-Site Request Forgery Vulnerability
DiliCMS is a rapid development content management system based on CodeIgniter. DiliCMS 2.4.0 suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to delete a user or group via the admin/index.php/user/del/1 or admin/index.php/role/del/2 URIs...
CVE-2018-18740
An XSS issue was discovered in SEMCMS 3.4 via the first input field to the admin/SEMCMSLink.php?lgid=1 URI...
Cross site request forgery (csrf)
A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMSUser.php?Class=add&CF=user URI...
CVE-2018-18744
An XSS issue was discovered in SEMCMS 3.4 via the fifth text box to the admin/SEMCMSMain.php URI...
CVE-2018-14963
zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI...
Cross site scripting
Reflected Cross-Site Scripting XSS exists in the Membership module in SLiMS 8 Akasia 8.3.1 via an admin/modules/membership/index.php?keywords= URI...
CVE-2018-12263
portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI...
CVE-2018-12263
portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI...
CVE-2018-12263
The CVE-2018-12263 entry affects portfolioCMS 1.0.5, with a vulnerability in the admin/portfolio.php?newpage=true URI that allows uploading arbitrary .php files. The connected CNVD/NVD/OSV records confirm this behavior, citing a file-upload vulnerability in portfolioCMS 1.0.5. The underlying root...
CVE-2018-11098
CVE-2018-11098 affects Frog CMS 0.9.5. A file-upload vulnerability exists at the admin/?/plugin/file_manager/upload URI, described as a vulnerability similar to CVE-2014-4912. Connected documents reiterate an arbitrary file-upload issue in Frog CMS 0.9.5. No explicit patch/version remediation is ...
CVE-2018-10118
Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php...
CVE-2018-10118
Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php...
CVE-2007-2713
ifdate 2.x sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request for the admin/ URI...