245 matches found
CVE-2012-4232
SQL injection vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to execute arbitrary SQL commands via the memberloginid cookie...
CVE-2011-5212
SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote attackers to execute arbitrary SQL commands via the (1) user name or (2) password field...
CVE-2012-4232
CVE-2012-4232 is a SQL Injection in jCore before 1.0pre2, exploitable via the cookie value memberloginid in /admin/index.php, allowing remote attackers to execute arbitrary SQL. Related advisory data also notes CVE-2012-4231 (XSS in path parameter) and that the vendor fixed the issue in a subsequ...
CVE-2012-4231
CVE-2012-4231 corresponds to an XSS flaw in jCore’s admin/index.php prior to 1.0pre2. The vulnerability arises from insufficient sanitization of the path parameter in the GET request, allowing an attacker to inject arbitrary HTML/Script that is executed in the victim’s browser (context of the aff...
CVE-2012-1900
CVE-2012-1900 affects RazorCMS 1.2.1 and earlier. The vulnerability is a Cross-Site Request Forgery in admin/index.php that lets remote attackers hijack an administrator’s session to perform showcats actions that delete arbitrary web pages. Root cause: CSRF in the admin interface enabling unautho...
CVE-2012-5228
Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the testtarget parameter. NOTE: some of these details are obtained from third party information...
CVE-2012-5228
CVE-2012-5228 is a cross-site scripting (XSS) vulnerability in admin/index.php of phplist, affecting 2.10.9 and 2.10.17 (and possibly other versions prior to 2.10.19). The issue allows remote attackers to inject arbitrary web script or HTML via the testtarget parameter. The connected documents co...
SQL injection
SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page...
CVE-2012-3952
CVE-2012-3952 is an XSS vulnerability in phpList 2.10.18 and earlier, occurring in admin/index.php when the unconfirmed parameter is used (page=user). Exploitation can cause arbitrary HTML/script execution in an administrator’s browser. The related advisory confirms a fixed vendor patch: upgrade ...
CVE-2012-3836
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) groupname parameter in a savecategory in the users module; (2) virtualfilename, (3) branch, (4) contactperson, (5) street, (6) city, (7) province, (8) postal, (9)...
Kuwebs 3.1.3 admin-index.php menu parameter remote file inclusion vulnerability
No description provided by source...
CVE-2012-0997
Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new topics via an addTopic action...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new topics via an addTopic action...
CVE-2012-0997
CVE-2012-0997: CSRF vulnerability in 11in1 1.2.1 stable (12-31-2011) affecting admin/index.php, allowing an attacker to hijack administrator authentication to perform addTopic requests. Multiple connected sources corroborate CSRF context and impact (topic creation via addTopic) with PoC examples ...
CVE-2012-1023
The CVE-2012-1023 entry concerns an Open Redirect vulnerability in 4images 1.7.10, specifically in admin/index.php where an attacker can abuse the redirect parameter to send users to arbitrary sites, enabling phishing-like redirection. Connected sources confirm the affected product (4images 1.7.1...
PHPDomainRegister 0.4a-RC2-dev Cross Site Scripting / SQL Injection
Title = PHPDomainRegister v0.4a-RC2-dev = SQL Auth, SQL Inject, XSS. Author = Or4nG.M4n. Download = http://garr.dl.sourceforge.net/project/phpdr/v0.4b%20-%20RC2.rar. This Bug Powered By : GooGLe. Thnks : xSs m4n i-Hmx Cyber-Crystal Dr.Bnned ahwak2000 sa^Dev!L...
CVE-2010-5051
Cross-site scripting (XSS) vulnerability in admin/core/adminfunc.php in razorCMS 1.0 stable allows remote attackers to inject arbitrary web script or HTML via the content parameter in an edit action to admin/index.php...
SQL injection
Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action...
TinyWebGallery 1.8.3 Cross Site Scripting / Directory Traversal
Date: 01/02/2011 (dd/MM/yyyy). Script: TinyWebGallery. Version: 1.8.3. No fixes yet, might work on other versions too. Home: http://www.tinywebgallery.com. Vulnerability: Non-persistent XSS. Where: File: /admin/index.php. Parameters: sview, tview, dir, item. Examples:...