25 matches found
EUVD-2008-5411
Malware in sbrugna...
EUVD-2021-33135
Malicious code in bioql PyPI...
CVE-2025-10616
A security flaw has been discovered in itsourcecode E-Commerce Website 1.0. Affected is an unknown function of the file /admin/users.php. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit has been released to the public and may be exploited...
CVE-2025-10616 itsourcecode E-Commerce Website users.php unrestricted upload
A security flaw has been discovered in itsourcecode E-Commerce Website 1.0. Affected is an unknown function of the file /admin/users.php. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit has been released to the public and may be exploited...
CVE-2025-10616
The CVE-2025-10616 entry concerns itsourcecode E-Commerce Website 1.0. The vulnerable component is the file /admin/users.php where an unspecified manipulation yields an unrestricted upload. The vulnerability can be exploited remotely and the exploit has been released publicly. Other details in co...
Aero CMS 0.0.1 Cross Site Request Forgery
============================================================================================================================================= | Title : Aero CMS v0.0.1 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits | | Vendor...
CVE-2021-46459
Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=adduser. These vulnerabilities can be exploited through a crafted POST request via the username, userfirstname,userlastname, or useremail parameters...
CVE-2021-46459
Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=adduser. These vulnerabilities can be exploited through a crafted POST request via the username, userfirstname,userlastname, or useremail parameters...
CVE-2021-46459
CVE-2021-46459 affects Victor CMS v1.0. Multiple SQL injection vulnerabilities exist in the admin/users.php?source=add_user component, exploitable via crafted POST requests to parameters user_name, user_firstname, user_lastname, or user_email. Root cause stated: lack of input validation in SQL st...
Cross site scripting
Victor CMS 1.0 has Persistent XSS in admin/users.php?source=adduser via the username, userfirstname, or userlastname parameter...
CVE-2020-13427
Victor CMS 1.0 has Persistent XSS in admin/users.php?source=adduser via the username, userfirstname, or userlastname parameter...
CVE-2018-17085
An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php via these parameters: dataTypeCN dataMode dataModeStr...
Design/Logic Flaw
An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php via these parameters: dataTypeCN dataMode dataModeStr...
CVE-2018-17085
CVE-2018-17085 affects OTCMS 3.61. The vulnerability is a cross-site scripting (XSS) flaw in admin/users.php exploitable via the dataTypeCN, dataMode, and dataModeStr parameters. Exploitation status is not documented in the provided materials. The CNVD entry similarly describes an XSS vector in O...
CVE-2018-7176
FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php aka the "add user" feature of the User Permissions page...
Cross site scripting
Cross-site scripting XSS vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter aka the page limit number...
CVE-2018-5690
Cross-site scripting XSS vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter aka the page limit number...
CVE-2018-5690
Cross-site scripting XSS vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter aka the page limit number...
CVE-2018-5690
CVE-2018-5690 is an XSS vulnerability in Dotclear 2.12.1 affecting the admin/users.php page. The issue occurs when processing the nb parameter (page limit number), allowing remote authenticated users to inject arbitrary web script or HTML. The affected component is the admin interface (users mana...
CVE-2015-8354
Cross-site scripting XSS vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the refer parameter to wp-admin/users.php...