
121 matches found

ATTACKERKB
added 2022/04/26 9:15 p.m. | 5 views

CVE-2022-28523

HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete...

CVSS 8.1 | AI score 7.2 | EPSS 0.01029
Exploits: 1 | References: 2

OSV
added 2022/04/26 9:15 p.m. | 2 views

CVE-2022-28523

HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete...

CVSS 8.1 | AI score 5.8 | EPSS 0.01029
Exploits: 1 | References: 1

CVE
added 2022/03/09 1:32 p.m. | 83 views

CVE-2022-24609

CVE-2022-24609 affects Luocms v2.0. The vulnerability is an incorrect access-control flaw that allows an unauthenticated or minimally privileged attacker to write an arbitrary shell file through /admin/templates/template_manage.php. Several connected records describe the root cause as insufficien...

CVSS 10 | AI score 9.5 | EPSS 0.01526
Exploits: 1 | References: 1 | Affected Software: 1

ATTACKERKB
added 2022/01/26 5:15 p.m. | 4 views

CVE-2021-46116

jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin.TemplateControllerdoInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code...

CVSS 7.2 | AI score 7.9 | EPSS 0.0255
Exploits: 1 | References: 4

NVD
added 2021/10/06 10:15 p.m. | 13 views

CVE-2020-21654

emlog v6.0 contains a vulnerability in the component admin\template.php, which allows attackers to getshell via a crafted Zip file...

CVSS 7.2 | EPSS 0.01067
Exploits: 1 | References: 1

Prion
added 2021/10/06 10:15 p.m. | 17 views

Design/Logic Flaw

emlog v6.0 contains a vulnerability in the component admin\template.php, which allows attackers to getshell via a crafted Zip file...

CVSS 6.5 | AI score 6.7 | EPSS 0.01067
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2021/10/06 12:0 a.m. | 2 views

Emlog Security Vulnerability

Emlog is a PHP- and MySQL-based CMS builder from the individual developers of Emlog. A security vulnerability exists in Emlog because the product's admin\template.php fails to adequately validate user-uploaded zip files. The vulnerability can be exploited to obtain a shell, the...

CVSS 7.2 | AI score 7.1 | EPSS 0.01067
Exploits: 1 | References: 2

OSV
added 2021/10/04 9:15 p.m. | 2 views

CVE-2020-21431

HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit...

CVSS 6.5 | AI score 5.8 | EPSS 0.0091
Exploits: 1 | References: 1

CNNVD
added 2021/10/04 12:0 a.m. | 5 views

HongCMS Access Control Error Vulnerability

HongCMS is an open source, lightweight content management system (CMS). An access control error vulnerability exists in HongCMS, which stems from the product's failure to add valid permission controls to the /admin/index.php/template/edit page. An attacker could cause arbitrary file reads and writes...

CVSS 6.5 | AI score 5.8 | EPSS 0.0091
Exploits: 1 | References: 2

OSV
added 2021/09/10 2:15 p.m. | 5 views

CVE-2021-38349

The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the errordescription parameter found in the /templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1...

CVSS 6.1 | AI score 5.8 | EPSS 0.00866
Exploits: 1 | References: 2

OSV
added 2021/06/03 11:15 p.m. | 4 views

CVE-2020-36007

AppCMS 2.0.101 in /admin/template/tplapp.php has a cross site scripting attack vulnerability which allows the attacker to obtain sensitive information of other users...

CVSS 6.1 | AI score 5.3 | EPSS 0.00873
Exploits: 1 | References: 1

ATTACKERKB
added 2021/06/03 11:15 p.m. | 1 views

CVE-2020-36007

AppCMS 2.0.101 in /admin/template/tplapp.php has a cross site scripting attack vulnerability which allows the attacker to obtain sensitive information of other users...

CVSS 6.1 | AI score 4.7 | EPSS 0.00873
Exploits: 1 | References: 2

OSV
added 2020/03/12 2:15 p.m. | 4 views

CVE-2020-10495

CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a crafted request...

CVSS 4.3 | AI score 5.8 | EPSS 0.00475
Exploits: 1 | References: 2

OSV
added 2020/03/12 2:15 p.m. | 5 views

CVE-2020-10482

CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request...

CVSS 4.3 | AI score 5.8 | EPSS 0.00475
Exploits: 1 | References: 2

CNVD
added 2019/03/07 12:0 a.m. | 1 views

OFCMS Backend Directory Traversal Vulnerability

OFCMS is a content management system based on Java technology. Versions of OFCMS prior to 1.1.3 have an admin/cms/template/getTemplates.html?respath=res&updir=... /directory traversal vulnerability. An attacker can exploit the vulnerability to traverse directory information...

CVSS 4.3 | AI score 6.8 | EPSS 0.01362
Exploits: 1 | References: 1

Prion
added 2018/11/25 8:29 p.m. | 35 views

Code injection

An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin...

CVSS 6.5 | AI score 8.9 | EPSS 0.02917
Exploits: 1 | References: 2 | Affected Software: 2

NVD
added 2018/11/25 8:29 p.m. | 43 views

CVE-2018-19520

An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin...

CVSS 8.8 | AI score 8.9 | EPSS 0.02917
Exploits: 1 | References: 2

Cvelist
added 2018/11/25 8:0 p.m. | 39 views

CVE-2018-19520

An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin...

AI score 9.3 | EPSS 0.02917
Exploits: 1 | References: 2

CVE
added 2018/11/25 8:0 p.m. | 624 views

CVE-2018-19520

CVE-2018-19520 targets SDCMS 1.6 on PHP 5.x. The admin path app/admin/controller/themecontroller.php uses a check_bad function intended to block certain PHP functions (e.g., eval) but does not block preg_replace with the /e/ modifier, enabling an attacker with admin template access to execute arb...

CVSS 8.8 | AI score 8.9 | EPSS 0.02917
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2018/09/21 5:29 p.m. | 2 views

CVE-2018-16821

SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admintemplate.php?path=../templets/../../ requests...

CVSS 5.3 | AI score 5.9 | EPSS 0.01005
Exploits: 1 | References: 2