245 matches found
Cross site request forgery (csrf)
clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI...
CVE-2020-13155
CVE-2020-13155 concerns a CSRF vulnerability in NukeViet 4.4, where a forged request to clearsystem.php can inject HTML through the deltype parameter of the admin/index.php?nv=webtools&op=clearsystem URI. The affected component is the clearsystem functionality in NukeViet 4.4...
CVE-2020-13384
Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048...
CVE-2020-10415
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/index.php by adding a question mark ? followed by the payload...
Cross site request forgery (csrf)
app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI...
CVE-2019-17676
app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI...
CVE-2019-17676
CVE-2019-17676 relates to MetInfo 7.0.0beta where a CSRF flaw in app/system/admin/admin/index.class.php allows an attacker to add a user account via the doSaveSetup action to admin/index.php, demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URL. The vulnerability stems from CSRF exposure i...
CVE-2019-17613
qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in...
CVE-2019-16867
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. If the attacker deletes config.php and visits install/index.php, they can reinstall the product...
CVE-2019-16867
HongCMS 3.0.0 is affected by a path-traversal vulnerability allowing arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete (a similar issue to CVE-2018-16774). The root cause is insufficient validation of the file path, enabling deletion of critical file...
CVE-2019-10687
KBPublisher 6.0.2.1 contains SQL injection vulnerabilities in multiple entry points: admin/index.php?module=report&entry_id[0] and admin/index.php?module=log&id, as well as index.php?View=print&id[] (and related POST parameters). Some sources note the issue affects both admin and public (unauthen...
Cross site request forgery (csrf)
Metinfo 5.3.18 is affected by: Cross Site Request Forgery CSRF. The impact is: Information Disclosure remote. The component is: admin/index.php. The attack vector is: The administrator clicks on the malicious link in the login state...
CVE-2017-12790
Metinfo 5.3.18 is affected by: Cross Site Request Forgery CSRF. The impact is: Information Disclosure remote. The component is: admin/index.php. The attack vector is: The administrator clicks on the malicious link in the login state...
CVE-2017-12790
CVE-2017-12790: MetInfo 5.3.18 is affected by Cross Site Request Forgery (CSRF) affecting the admin/index.php component. The attack vector involves an administrator clicking a malicious link while logged in. Reported impact is Information Disclosure (remote). The Red Hat, NVD, PRION, and CVE cat...
CVE-2019-9915
GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter...
Open redirect
GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter...