122 matches found
CVE-2026-41935 Vvveb < 1.0.8.3 Uncontrolled Recursion Denial of Service
Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the admin controller dispatch cycle where Base::init repeatedly invokes permission on error handlers, causing infinite recursion until PHP memory limits are exhausted. Attackers can send sustained requests to forbidden admin...
CVE-2026-41935
Vvveb
EyouCMS 安全漏洞
EyouCMS is an open-source content management system CMS developed by Eyou Corporation in China, based on ThinkPHP. EyouCMS versions 1.7.1 and earlier have security vulnerabilities. These vulnerabilities stem from the handling of the filename parameter in the file...
CVE-2026-3956 xierongwkhd weimai-wetapp Admin_AdminUserController.java getAdmins sql injection
A vulnerability was detected in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This affects the function getAdmins of the file source-code/src/main/java/com/moke/wp/wxweimai/controller/admin/AdminAdminUserController.java. Performing a manipulation of the argument keywor...
weimai-wetapp SQL注入漏洞
Weimai-Wetapp is a movie ticket purchasing mini-program and backend management system developed by MO-KE individuals. Weimai-Wetapp has a SQL injection vulnerability, which stems from incorrect handling of the keyword parameter in the getAdmins function of the...
CVE-2026-1111
A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of the argument path leads to path traversal. T...
CVE-2026-1111 Sanluan PublicCMS Task Template Management TaskTemplateAdminController.java save path traversal
A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of the argument path leads to path traversal. T...
CVE-2018-18802
The Tubigan "Welcome to our Resort" 1.0 software allows CSRF via admin/modusers/controller.php?action=edit...
CVE-2019-16119
SQL injection in the photo-gallery 10Web Photo Gallery plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php albumid parameter...
SyCms 代码注入漏洞
SyCms is a content management system for shanyu individual developers. SyCms code injection vulnerability exists, the vulnerability stems from the incorrect operation of the function addPost in the file Application/Admin/Controller/FileManageController.class.php, which may lead to code injection...
CVE-2025-15093
A security flaw has been discovered in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The affected element is an unknown function of the file src/main/java/com/flycms/web/system/IndexAdminController.java of the component Admin Login. Performing a manipulation of the argument...
CVE-2025-15093
A security flaw has been discovered in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The affected element is an unknown function of the file src/main/java/com/flycms/web/system/IndexAdminController.java of the component Admin Login. Performing a manipulation of the argument...
CVE-2025-15093
A security flaw has been discovered in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The affected element is an unknown function of the file src/main/java/com/flycms/web/system/IndexAdminController.java of the component Admin Login. Performing a manipulation of the argument...
CVE-2025-15093
A security flaw has been discovered in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The affected element is an unknown function of the file src/main/java/com/flycms/web/system/IndexAdminController.java of the component Admin Login. Performing a manipulation of the argument...
CVE-2025-15093
The CVE-2025-15093 entry concerns sunkaifei FlyCMS, affecting the Admin Login path in IndexAdminController.java. The vulnerability arises from manipulating the redirectUrl argument, enabling cross-site scripting. Impact is remote, with a publicly released exploit noted. The affected scope is desc...
CVE-2025-15093 sunkaifei FlyCMS Admin Login IndexAdminController.java cross site scripting
A security flaw has been discovered in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The affected element is an unknown function of the file src/main/java/com/flycms/web/system/IndexAdminController.java of the component Admin Login. Performing a manipulation of the argument...
sunkaifei FlyCms 安全漏洞
sunkaifei FlyCms is a sunkaifei open source application. A similar Zhihu based on Q&A completely open source JAVA language development of social network building program. A security vulnerability exists in sunkaifei FlyCms, which originates from an incorrect operation of the parameter redirectUrl...
CVE-2025-14722
A vulnerability was determined in vion707 DMadmin up to 3403cafdb42537a648c30bf8cbc8148ec60437d1. This impacts the function Add of the file Admin/Controller/AddonsController.class.php of the component Backend. Executing manipulation can lead to cross site scripting. The attack can be executed...
CVE-2025-14722 vion707 DMadmin Backend AddonsController.class.php add cross site scripting
A vulnerability was determined in vion707 DMadmin up to 3403cafdb42537a648c30bf8cbc8148ec60437d1. This impacts the function Add of the file Admin/Controller/AddonsController.class.php of the component Backend. Executing manipulation can lead to cross site scripting. The attack can be executed...
CVE-2025-14722 vion707 DMadmin Backend AddonsController.class.php add cross site scripting
A vulnerability was determined in vion707 DMadmin up to 3403cafdb42537a648c30bf8cbc8148ec60437d1. This impacts the function Add of the file Admin/Controller/AddonsController.class.php of the component Backend. Executing manipulation can lead to cross site scripting. The attack can be executed...