Lucene search

121 matches found

CNNVD
added 2025/02/26 12:0 a.m. · 3 views

SeaCMS Security Vulnerability

SeaCMS is a free, open source web content management system written in PHP by SeaCMS, Inc. The system is primarily designed to manage video-on-demand resources. A security vulnerability exists in SeaCMS v13.3, which stems from a Remote Code Execution (RCE) issue in the component admintemplate.php...

5.1 CVSS · 7.4 AI score · 0.00701 EPSS
Exploits 1 · References 5
CVE
added 2025/02/26 12:0 a.m. · 70 views

CVE-2025-25796

SeaCMS v13.3 is affected by a remote code execution (RCE) flaw in the admin_template.php component. The vulnerability is documented across multiple sources as CVE-2025-25796. The available descriptions consistently identify SeaCMS 13.3 and the admin_template.php module as the entry point for the ...

5.1 CVSS · 8 AI score · 0.00701 EPSS
Exploits 1 · References 3 · Affected Software 1
BDU FSTEC
added 2025/02/24 12:0 a.m. · 20 views

The vulnerability of the phpgacl/acl_admin.tpl template in the PHP library for managing access in web applications. This is part of the phpGACL system used for managing medical documentation in OpenEMR. It allows attackers to perform cross-site scripting attacks.

The vulnerability of the phpgacl/acladmin.tpl template in the PHP library for managing access in web applications is related to the lack of protective measures taken when processing the action template parameters. Exploiting this vulnerability allows a remote attacker to perform cross-site...

10 CVSS · 5.3 AI score
Exploits 0 · References 1 · Affected Software 2
OSV
added 2024/11/04 7:15 p.m. · 2 views

CVE-2024-10768

A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /admin/assets/plugins/DataTables/media/unittesting/templates/twotables.php. The manipulation of the argument scripts leads to cross site scripting. The...

5.4 CVSS · 3.9 AI score · 0.00378 EPSS
Exploits 1 · References 5
OSV
added 2024/10/29 10:15 p.m. · 5 views

CVE-2024-48138

A remote code execution (RCE) vulnerability in the component /PluXml/core/admin/parametresedittpl.php of PluXml v5.8.16 and lower allows attackers to execute arbitrary code via injecting a crafted payload into a template...

9.8 CVSS · 6.5 AI score · 0.00831 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/09/30 12:0 a.m. · 10 views

CVE-2024-46475

A reflected cross-site scripting (XSS) vulnerability on the homepage of Metronic Admin Dashboard Template v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...

6 AI score · 0.00338 EPSS
Exploits 0 · References 1
OSV
added 2024/09/13 6:15 p.m. · 6 views

CVE-2024-8782

A vulnerability was found in JFinalCMS up to 1.0. It has been rated as critical. This issue affects the function delete of the file /admin/template/edit. The manipulation of the argument name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the publ...

9.8 CVSS · 5.5 AI score · 0.00725 EPSS
Exploits 1 · References 5
Patchstack
added 2024/09/13 7:4 a.m. · 4 views

WordPress Appointment Booking Calendar plugin < 1.6.7.43 - Admin+ Template Injection to RCE vulnerability

Admin+ Template Injection to RCE vulnerability discovered by Jeewan Kumar Bhatta in WordPress Plugin Simply Schedule Appointments versions 1.6.7.43...

7.2 CVSS · 7.2 AI score · 0.01138 EPSS
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2024/09/13 12:0 a.m. · 6 views

PT-2024-39248 · Jfinalcms · Jfinalcms

Name of the Vulnerable Software and Affected Versions: JFinalCMS versions up to 1.0
Description: A critical issue affects the delete function of the file /admin/template/edit. The manipulation of the name argument leads to path traversal, allowing an attacker to delete arbitrary files. This issue...

9.8 CVSS · 6.8 AI score · 0.00725 EPSS
Exploits 1 · References 10
OSV
added 2024/09/12 12:15 a.m. · 4 views

CVE-2024-8706

A vulnerability was found in JFinalCMS up to 20240903. It has been classified as problematic. This affects the function update of the file /admin/template/update of the component com.cms.util.TemplateUtils. The manipulation of the argument fileName leads to path traversal. It is possible to...

6.5 CVSS · 4.8 AI score · 0.00749 EPSS
Exploits 1 · References 5
CNNVD
added 2024/09/11 12:0 a.m. · 4 views

JFinalCMS Path Traversal Vulnerability

JFinalCMS is a content management system by heyewei personal developer. A path traversal vulnerability exists in JFinalCMS version 20240903 and earlier, which stems from the fileName parameter in the file /admin/template/update, which can lead to path traversal...

6.5 CVSS · 4.9 AI score · 0.00749 EPSS
Exploits 1 · References 2
CNNVD
added 2024/09/11 12:0 a.m. · 4 views

JFinalCMS Path Traversal Vulnerability

JFinalCMS is a content management system by heyewei personal developer. A path traversal vulnerability exists in JFinalCMS version 20240903 and earlier, which stems from the fileName parameter in the file /admin/template/update, which can lead to path traversal...

5.1 CVSS · 4.8 AI score · 0.00792 EPSS
Exploits 1 · References 6
CNNVD
added 2024/08/29 12:0 a.m. · 4 views

Jpress Path Traversal Vulnerability

Jpress is a blogging platform developed by Jpress team using Java language. A path traversal vulnerability exists in Jpress version 5.1.1 and earlier versions, which stems from a path traversal vulnerability in /admin/template/edit...

5.8 CVSS · 5 AI score · 0.00556 EPSS
Exploits 1 · References 5
Positive Technologies
added 2024/08/29 12:0 a.m. · 6 views

PT-2024-38929 · Jpress · Jpress

Name of the Vulnerable Software and Affected Versions: jpress versions up to 5.1.1
Description: A critical vulnerability has been found in the Template Module Handler component of jpress, affecting an unknown functionality of the file /admin/template/edit. The manipulation leads to path traversal...

5.8 CVSS · 5.1 AI score · 0.00556 EPSS
Exploits 1 · References 11
CNNVD
added 2024/07/12 12:0 a.m. · 4 views

SeaCMS Security Vulnerability

SeaCMS is a free, open source web content management system written in PHP by SeaCMS, Inc. The system is primarily designed to manage video-on-demand resources. A security vulnerability exists in SeaCMS version 12.9, which stems from the fact that although admintemplate.php imposes certain...

8.8 CVSS · 7.7 AI score · 0.01264 EPSS
Exploits 1 · References 2
Positive Technologies
added 2024/07/12 12:0 a.m. · 3 views

PT-2024-28897 · Seacms · Seacms

Name of the Vulnerable Software and Affected Versions: SeaCMS version 12.9
Description: The issue is a remote code execution vulnerability. It arises because attackers can bypass restrictions imposed by admin template.php on edited files, allowing them to write code and execute arbitrary commands...

8.8 CVSS · 8.8 AI score · 0.01264 EPSS
Exploits 1 · References 11
Cvelist
added 2024/07/12 12:0 a.m. · 23 views

CVE-2024-40521

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admintemplate.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, allowing authenticated attackers to exploit the...

0.01264 EPSS
Exploits 1 · References 1
OSV
added 2024/06/10 5:16 p.m. · 1 views

CVE-2024-31611

SeaCMS 12.9 has a file deletion vulnerability via admintemplate.php...

9.1 CVSS · 5.8 AI score · 0.00567 EPSS
Exploits 1 · References 1
Positive Technologies
added 2024/06/10 12:0 a.m. · 3 views

PT-2024-24152 · Seacms · Seacms

Name of the Vulnerable Software and Affected Versions: SeaCMS version 12.9
Description: The issue is related to a file deletion vulnerability. It can be exploited via the admin template.php file.
Recommendations: For SeaCMS version 12.9, consider restricting access to the admin template.php file...

9.1 CVSS · 7.2 AI score · 0.00567 EPSS
Exploits 1 · References 3
Vulnrichment
added 2024/06/10 12:0 a.m. · 17 views

CVE-2024-31611

SeaCMS 12.9 has a file deletion vulnerability via admintemplate.php...

7 AI score · 0.00567 EPSS
Exploits 1 · References 1