1574 matches found
CVE-2018-17133
admin/webconfig.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting...
CVE-2018-17131
admin/webconfig.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field...
CVE-2018-17132
admin/goodsupdate.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue array parameter...
CVE-2018-17134
admin/webconfig.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfgauthor field in conjunction with a crafted cfgwebpath field...
Code injection
admin/webconfig.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting...
Design/Logic Flaw
admin/webconfig.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field...
Code injection
admin/goodsupdate.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue array parameter...
Design/Logic Flaw
admin/webconfig.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfgauthor field in conjunction with a crafted cfgwebpath field...
CVE-2018-17132
CVE-2018-17132 affects PHPMyWind 5.5: admin/goods_update.php can be abused by Admin users to execute arbitrary code via the attrvalue[] array parameter. The vulnerability arises from how the parameter is handled, enabling code execution with admin privileges. The connected documents confirm the a...
CVE-2018-17133
CVE-2018-17133 affects PHPMyWind 5.5, where admin/web_config.php allows an Admin user to execute arbitrary code via the rewrite url setting. Root cause is improper handling of URL rewrite configuration leading to code execution with admin privileges. Impact is arbitrary code execution; CVSS notes...
CVE-2018-17085
An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php via these parameters: dataTypeCN dataMode dataModeStr...
CVE-2018-15695
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi...
CVE-2018-15694
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled...
CVE-2018-15845
There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add...
CVE-2018-14791
Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products...
Insecure Default Configuration
tripleoheattemplates is vulnerable to insecure default configuration. The vulnerability exists due to the default configuration set for the OpenDayLight ODL admin users' credentials, allowing malicious users to gain unauthorized access...