319 matches found
BlueCMS SQL Injection Vulnerability
BlueCMS is a content management system (CMS) based on PHP and MySQL. A security vulnerability exists in BlueCMS version 1.6, which stems from an SQL injection at line 132 of admin/area.php. No details of the vulnerability are currently available...
CVE-2017-20133
A vulnerability, which was classified as critical, was found in Itech Job Portal Script 9.13. This affects an unknown part of the file /admin. The manipulation leads to improper authentication. It is possible to initiate the attack remotely...
Ambit Technologies iTech Job Portal Script Authorization Vulnerability
Ambit Technologies iTech Job Portal Script is an efficient interactive platform from Ambit Technologies India. One can post their vacancy profile on one side and candidates can post their resume on the other side. Ambit Technologies iTech Job Portal Script version 9.13 suffers from a security...
CVE-2022-33056
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/schedules/manageschedule.php...
CVE-2022-1527
The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
PYSEC-2022-192
django-mfa3 is a library that implements multi-factor authentication for the Django web framework. It achieves this by modifying the regular login view. Django, however, has a second login view for its admin area. This second login view was not modified, so the multi-factor authentication can be...
CVE-2022-24857 Multi factor authentication bypass in django-mfa3
django-mfa3 is a library that implements multi-factor authentication for the Django web framework. It achieves this by modifying the regular login view. Django, however, has a second login view for its admin area. This second login view was not modified, so the multi-factor authentication can be...
CVE-2022-24985
Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to bypass authentication and access the administrative section of other forms hosted on the same web server. This is relevant only when an organization hosts more than one of these forms on their server...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source add-on application for WordPress. The WordPress plugin suffers from a cross-site...
Simplephpscripts Simple CMS 2.1 Cross Site Scripting
Document Title: Simplephpscripts Simple CMS v2.1 - Persistent Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2302. Release Date: 2021-10-19. Vulnerability Laboratory ID (VL-ID): ...
CVE-2020-21431
HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit...
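The HongCMS entry gives no detail beyond "arbitrary file read and write" in the template editor. The example below is added here and is not HongCMS code; it assumes (the advisory does not say this) that the editor takes a relative template name from the request and reads or writes that file, and shows the check a template editor needs: canonicalise the path, refuse anything that resolves outside the template root, and only accept template file types. The directory layout, the `config.php` secret and the extension allow-list are constructed for the demonstration.

```python
"""Added example (not HongCMS code): confine an admin template editor to its template directory.

Assumptions (not from the advisory): the editor takes a relative template name from the
request and reads or writes that file; the fix is to canonicalise the path and refuse
anything that resolves outside the template root or is not a template file.
"""
import os
import tempfile

TEMPLATE_EXTENSIONS = (".html", ".tpl")  # assumed allow-list of editable file types


class TemplatePathError(ValueError):
    """Raised when a requested template path escapes the root or is not a template."""


def resolve_template_path(template_root: str, requested: str) -> str:
    """Return the canonical absolute path for `requested`, or raise TemplatePathError.

    realpath() collapses '..' and follows symlinks, so a link planted inside the
    template directory that points outside it is caught as well as plain traversal.
    """
    root = os.path.realpath(template_root)
    # os.path.join discards `root` if `requested` is absolute, so strip leading separators.
    relative = requested.replace("\\", "/").lstrip("/")
    candidate = os.path.realpath(os.path.join(root, relative))
    # commonpath compares whole path components, so "/srv/templates_evil/x" is not
    # accepted as being under "/srv/templates" the way a plain startswith() check would.
    if os.path.commonpath([root, candidate]) != root:
        raise TemplatePathError(f"path escapes template root: {requested!r}")
    if not candidate.lower().endswith(TEMPLATE_EXTENSIONS):
        raise TemplatePathError(f"not an editable template: {requested!r}")
    return candidate


def read_template(template_root: str, requested: str) -> str:
    with open(resolve_template_path(template_root, requested), encoding="utf-8") as fh:
        return fh.read()


def write_template(template_root: str, requested: str, content: str) -> str:
    path = resolve_template_path(template_root, requested)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(content)
    return path


def is_rejected(template_root: str, requested: str) -> bool:
    """True if the editor refuses `requested`; used to exercise the traversal cases."""
    try:
        resolve_template_path(template_root, requested)
    except TemplatePathError:
        return True
    return False


def make_fixture() -> tuple[str, str]:
    """Constructed layout: <site>/templates/index.html plus a secret file outside the root."""
    site = tempfile.mkdtemp(prefix="cms-")
    root = os.path.join(site, "templates")
    os.mkdir(root)
    with open(os.path.join(root, "index.html"), "w", encoding="utf-8") as fh:
        fh.write("<h1>home</h1>")
    secret = os.path.join(site, "config.php")
    with open(secret, "w", encoding="utf-8") as fh:
        fh.write("<?php $db_pass = 'hunter2';")
    # A symlink inside the template dir pointing at the secret (skipped where symlinks are unavailable).
    try:
        os.symlink(secret, os.path.join(root, "theme.html"))
    except (OSError, NotImplementedError):
        pass
    return root, secret


if __name__ == "__main__":
    root, _ = make_fixture()
    print(read_template(root, "index.html"))
    for probe in ("../config.php", "/../config.php", "..\\config.php",
                  "index.html/../../config.php", "theme.html"):
        print(f"{probe!r} rejected: {is_rejected(root, probe)}")
```

The `commonpath` comparison after `realpath` is the important part: a prefix check on the string alone is defeated by a sibling directory whose name starts with the root's name, and a check that runs before symlinks are resolved is defeated by a link planted through the same editor.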
Information Exposure
Overview: Affected versions of this package are vulnerable to Information Exposure. The site-admin area can be accessed by regular users. Unprivileged users can have access to daily usage statistics and code intelligence uploads and indexes. It is not possible to alter the information, nor interac...
CVE-2021-32787
Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads a...
Information disclosure
Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads a...
CVE-2021-32787
CVE-2021-32787 affects Sourcegraph before version 3.30.0. The vulnerability exposes information in the site-admin area to regular users, leaking daily usage statistics and code intelligence uploads/indexes while not allowing alteration of other features. The root cause is improper access to site-...
CVE-2021-24483
The getpollcategories, getpolls and getreports functions in the Poll Maker WordPress plugin before 3.2.1 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard...
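An ORDER BY clause takes a column expression, not a value, so it cannot be bound as a query parameter; the only safe pattern is the one the advisory names, an allow-list that maps the request value onto a fixed set of column names. The example below is added here and is not Poll Maker's code: it uses Python and SQLite with a constructed `polls` table to show how an unchecked `orderby` lets an attacker answer arbitrary yes/no questions against the database through the sort order alone, and the allow-listed version beside it.

```python
"""Added example (not Poll Maker's code): why an unvalidated orderby is SQL injection,
and the allow-list fix. The table and rows are constructed for the demonstration."""
import sqlite3

# Constructed sample polls: (id, title, votes).
SAMPLE_POLLS = [(1, "Favourite editor", 12), (2, "Release cadence", 40), (3, "Coffee or tea", 7)]


def setup() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE polls (id INTEGER PRIMARY KEY, title TEXT, votes INTEGER)")
    db.executemany("INSERT INTO polls VALUES (?, ?, ?)", SAMPLE_POLLS)
    return db


def poll_ids(rows) -> list:
    return [row[0] for row in rows]


def get_polls_vulnerable(db, orderby: str, order: str = "ASC"):
    """The flaw class in the advisory: the request value is spliced into the statement unchecked."""
    sql = f"SELECT id, title, votes FROM polls ORDER BY {orderby} {order}"
    return db.execute(sql).fetchall()


def oracle(db, condition: str) -> bool:
    """Blind inference through the vulnerable sort: the attacker supplies any SQL condition
    and reads its truth value from which column the rows came back sorted by."""
    payload = f"(CASE WHEN {condition} THEN id ELSE votes END)"
    ids = poll_ids(get_polls_vulnerable(db, payload))
    return ids == sorted(ids)  # sorted by id when the condition holds, by votes otherwise


ALLOWED_ORDERBY = {"id": "id", "title": "title", "votes": "votes"}  # request value -> column
ALLOWED_ORDER = {"ASC", "DESC"}


def get_polls_safe(db, orderby: str, order: str = "ASC"):
    """Fix: only allow-listed values are accepted, and the column name that reaches the
    statement is our own literal from the mapping, never the request string itself."""
    column = ALLOWED_ORDERBY.get(orderby)
    if column is None:
        raise ValueError(f"unsupported orderby: {orderby!r}")
    direction = order.upper()
    if direction not in ALLOWED_ORDER:
        raise ValueError(f"unsupported order: {order!r}")
    sql = f'SELECT id, title, votes FROM polls ORDER BY "{column}" {direction}'
    return db.execute(sql).fetchall()


def is_rejected(db, orderby: str, order: str = "ASC") -> bool:
    """True if the hardened query refuses the given orderby/order pair."""
    try:
        get_polls_safe(db, orderby, order)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = setup()
    print("normal, votes ASC:", poll_ids(get_polls_vulnerable(db, "votes")))
    print("sqlite version starts with '3':", oracle(db, "substr(sqlite_version(), 1, 1) = '3'"))
    print("sqlite_master has rows:", oracle(db, "(SELECT count(*) FROM sqlite_master) > 0"))
    print("safe, votes DESC:", poll_ids(get_polls_safe(db, "votes", "desc")))
    print("safe rejects payload:", is_rejected(db, "(CASE WHEN 1=1 THEN id ELSE votes END)"))
```

The `oracle` function is the point of the demonstration: even though the injected text never changes which rows are returned, a `CASE` expression in the sort key lets the attacker extract one bit per request, which is enough to read any value the database user can see. Note that the fix does not try to escape the value; it refuses anything not in the mapping, and the direction keyword is checked the same way.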
Sourcegraph Information Disclosure Vulnerability
Sourcegraph is an open source code search and navigation tool from Sourcegraph, Inc. in the United States. Sourcegraph suffers from a security vulnerability that stems from the fact that the site administration area can be accessed by a normal user, with all information and functionality properly...
Zen Cart 1.5.7 Cross Site Scripting Vulnerability
Information: Advisory by Netsparker. Name: Cross-Site Scripting Vulnerability in Zen Cart 1.5.7. Affected Software: Zen Cart. Affected Versions: 1.5.7. Homepage: https://www.zen-cart.com/. Vulnerability: Cross-Site Scripting. Severity: High. Status: Fixed. CVSS Score 3.0: ...
Pluck Command Injection Vulnerability
Pluck is a content management system (CMS) developed in PHP. A security vulnerability exists in Pluck-4.7.10-dev2 that originates in the admin backend: remote command execution is possible when uploading files...
Deserialization of Untrusted Data
Overview: jakubpas/suitecrm is a Composer fork of SuiteCRM, the open source alternative to Salesforce, Microsoft Dynamics and SugarCRM Professional. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. Phar deserialization is possible due to insufficient checks...