CVE-2018-17125

CScms 4.1 allows arbitrary directory deletion via a dir=..\ substring to plugins\sys\admin\Plugins.php...

CVE-2010-5295

Cross-site scripting XSS vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is not properly handled during a Delete Plugin action...

WordPress 3.0.1 wp-admin/plugins.php模块跨站脚本漏洞

BUGTRAQ ID: 42440 WordPress是一款免费的论坛Blog系统。 如果action参数设置为delete-selected，WordPress没有正确地过滤提交给wp-admin/plugins.php的checked0参数便返回给了用户，这允许远程攻击者通过提交恶意参数请求执行反射式跨站脚本攻击。 WordPress 3.0.1 厂商补丁： WordPress --------- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://wordpress.org/...

CVE-2008-2699

Multiple directory traversal vulnerabilities in Galatolo WebManager GWM 1.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in 1 the plugin parameter to admin/plugins.php or 2 the com parameter to index.php...

MyBB 1.2 Local File Incusion

Invalid characters removed from From: [email protected], |@securityfocus.com, D3vil-0x1 MyBB Bug Local File Inclusion MyBB 1.2 - Admin Can Include Local File : File :- admin/plugins.php Line :- 51 // if$mybb-input'action' == "activate" $codename = $mybb-input'plugin'; Input From POST $file =...