121 matches found
CVE-2022-28523
HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete...
CVE-2022-28523
HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete...
CVE-2022-24609
CVE-2022-24609 affects Luocms v2.0. The vulnerability is an incorrect access-control flaw that allows an unauthenticated or minimally privileged attacker to write an arbitrary shell file through /admin/templates/template_manage.php. Several connected records describe the root cause as insufficien...
CVE-2021-46116
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin.TemplateControllerdoInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code...
CVE-2020-21654
emlog v6.0 contains a vulnerability in the component admin\template.php, which allows attackers to getshell via a crafted Zip file...
Design/Logic Flaw
emlog v6.0 contains a vulnerability in the component admin\template.php, which allows attackers to getshell via a crafted Zip file...
Emlog 安全漏洞
Emlog is a PHP and MySQL based CMS builder by the individual developers of Emlog. A security vulnerability exists in Emlog, which is caused by a failure of the product's admin emplate.php to adequately validate user uploaded zip files. The vulnerability can be exploited to obtain a shell, the...
CVE-2020-21431
HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit...
HongCMS 访问控制错误漏洞
HongCMS is an open source lightweight content management system CMS. An access control error vulnerability exists in HongCMS, which stems from the product's failure to add valid permission controls to the /admin/index.php/template/edit page. An attacker could cause arbitrary file reads and writes...
CVE-2021-38349
The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the errordescription parameter found in the /templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1...
CVE-2020-36007
AppCMS 2.0.101 in /admin/template/tplapp.php has a cross site scripting attack vulnerability which allows the attacker to obtain sensitive information of other users...
CVE-2020-36007
AppCMS 2.0.101 in /admin/template/tplapp.php has a cross site scripting attack vulnerability which allows the attacker to obtain sensitive information of other users...
CVE-2020-10495
CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a crafted request...
CVE-2020-10482
CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request...
OFCMS Backend Directory Traversal Vulnerability
OFCMS is a content management system based on Java technology. Versions of OFCMS prior to 1.1.3 have an admin/cms/template/getTemplates.html?respath=res&updir=... /directory traversal vulnerability. An attacker can exploit the vulnerability to traverse directory information...
Code injection
An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a checkbad function in an attempt to block certain PHP functions such as eval, but does not prevent use of pregreplace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin...
CVE-2018-19520
An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a checkbad function in an attempt to block certain PHP functions such as eval, but does not prevent use of pregreplace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin...
CVE-2018-19520
An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a checkbad function in an attempt to block certain PHP functions such as eval, but does not prevent use of pregreplace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin...
CVE-2018-19520
CVE-2018-19520 targets SDCMS 1.6 on PHP 5.x. The admin path app/admin/controller/themecontroller.php uses a check_bad function intended to block certain PHP functions (e.g., eval) but does not block preg_replace with the /e/ modifier, enabling an attacker with admin template access to execute arb...
CVE-2018-16821
SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admintemplate.php?path=../templets/../../ requests...