SeaCMS Security Vulnerability
SeaCMS is a free, open source web content management system written in PHP by SeaCMS, Inc. The system is primarily designed to manage video-on-demand resources. A security vulnerability exists in SeaCMS v13.3, which stems from a remote code execution (RCE) issue in the component admin_template.php...
CVE-2025-25796
SeaCMS v13.3 is affected by a remote code execution (RCE) flaw in the admin_template.php component. The vulnerability is documented across multiple sources as CVE-2025-25796. The available descriptions consistently identify SeaCMS 13.3 and the admin_template.php module as the entry point for the ...
The vulnerability of the phpgacl/acl_admin.tpl template in the PHP library for managing access in web applications. This is part of the phpGACL system used for managing medical documentation in OpenEMR. It allows attackers to perform cross-site scripting attacks.
The vulnerability of the phpgacl/acl_admin.tpl template in the PHP library for managing access in web applications is related to the lack of protective measures taken when processing the action template parameters. Exploiting this vulnerability allows a remote attacker to perform cross-site...
CVE-2024-10768
A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /admin/assets/plugins/DataTables/media/unittesting/templates/twotables.php. The manipulation of the argument scripts leads to cross site scripting. The...
CVE-2024-48138
A remote code execution (RCE) vulnerability in the component /PluXml/core/admin/parametresedittpl.php of PluXml v5.8.16 and lower allows attackers to execute arbitrary code via injecting a crafted payload into a template...
CVE-2024-46475
A reflected cross-site scripting (XSS) vulnerability on the homepage of Metronic Admin Dashboard Template v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...
CVE-2024-8782
A vulnerability was found in JFinalCMS up to 1.0. It has been rated as critical. This issue affects the function delete of the file /admin/template/edit. The manipulation of the argument name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the publ...
WordPress Appointment Booking Calendar plugin < 1.6.7.43 - Admin+ Template Injection to RCE vulnerability
Admin+ Template Injection to RCE vulnerability discovered by Jeewan Kumar Bhatta in WordPress Plugin Simply Schedule Appointments versions 1.6.7.43...
PT-2024-39248 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinalCMS versions up to 1.0 Description: A critical issue affects the delete function of the file /admin/template/edit. The manipulation of the name argument leads to path traversal, allowing an attacker to delete arbitrary files. This issue...
CVE-2024-8706
A vulnerability was found in JFinalCMS up to 20240903. It has been classified as problematic. This affects the function update of the file /admin/template/update of the component com.cms.util.TemplateUtils. The manipulation of the argument fileName leads to path traversal. It is possible to...
JFinalCMS Path Traversal Vulnerability
JFinalCMS is a content management system developed by the individual developer heyewei. A path traversal vulnerability exists in JFinalCMS version 20240903 and earlier, which stems from the fileName parameter in the file /admin/template/update, which can lead to path traversal...
Jpress Path Traversal Vulnerability
Jpress is a blogging platform developed by the Jpress team in Java. A path traversal vulnerability exists in Jpress version 5.1.1 and earlier versions, which stems from a path traversal vulnerability in /admin/template/edit...
PT-2024-38929 · Jpress · Jpress
Name of the Vulnerable Software and Affected Versions: jpress versions up to 5.1.1 Description: A critical vulnerability has been found in the Template Module Handler component of jpress, affecting an unknown functionality of the file /admin/template/edit. The manipulation leads to path traversal...
SeaCMS Security Vulnerability
SeaCMS is a free, open source web content management system written in PHP by SeaCMS, Inc. The system is primarily designed to manage video-on-demand resources. A security vulnerability exists in SeaCMS version 12.9, which stems from the fact that although admin_template.php imposes certain...
PT-2024-28897 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: SeaCMS version 12.9 Description: The issue is a remote code execution vulnerability. It arises because attackers can bypass restrictions imposed by admin_template.php on edited files, allowing them to write code and execute arbitrary commands...
CVE-2024-40521
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admin_template.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, allowing authenticated attackers to exploit the...
CVE-2024-31611
SeaCMS 12.9 has a file deletion vulnerability via admin_template.php...
PT-2024-24152 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: SeaCMS version 12.9 Description: The issue is related to a file deletion vulnerability. It can be exploited via the admin_template.php file. Recommendations: For SeaCMS version 12.9, consider restricting access to the admin_template.php file...