245 matches found
CVE-2019-9915
GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter...
CVE-2019-9915
GetSimple CMS 3.3.13 contains an Open Redirect vulnerability exposed via the admin/index.php redirect parameter. An attacker can cause victims to be redirected to a malicious site, with potential for phishing or unauthorized operations depending on the redirected context. The issue is documented ...
CVE-2019-8438
CVE-2019-8438 affects DiliCMS 2.4.0. A Stored XSS vulnerability exists in the first textbox of System setting -> site setting (admin/index.php), specifically the site_name field. The issue is described without exploit details in the provided sources; CVSS scores from NVD indicate a Low to Medi...
CVE-2019-8440
An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the third textbox aka site logo of "System setting-site setting" of admin/index.php, aka sitelogo...
CVE-2019-8407
HongCMS 3.0.0 is affected by CVE-2019-8407 due to a path traversal in the filename parameter of admin/index.php/language/edit, allowing arbitrary file read and write. The underlying cause is improper handling of "../" in the filename, enabling access to sensitive files. Impact: partial confidenti...
CVE-2018-18774
CentOS-WebPanel.com aka CWP CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter...
CVE-2018-19192
An issue was discovered in XiaoCms 20141229. admin/index.php?c=content&a=add&catid=3 has CSRF, as demonstrated by entering news via the datacontent parameter...
CVE-2018-19051
MetInfo 6.1.3 is affected by a cross-site scripting (XSS) vulnerability exploitable through the admin/index.php?a=dogetpassword abt_type parameter. The issue is tied to MetInfo’s admin input handling, enabling XSS in the context of the injected parameter. Connected sources consistently reference ...
CVE-2018-18323
CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=fileeditor&file=/../ URI...
CVE-2018-18322
CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php servicestart, servicerestart, servicefullstatus, or servicestop parameter...
CVE-2018-16820
Monstra CMS 3.0.4 is affected by a directory-traversal in admin/index.php, exploitable via id=filesmanager&path=uploads/… requests to list arbitrary directories. Root cause is improper handling of the path parameter that enables traversal. Impact per NVD: High (CVSSv3 7.5) for confidentiality los...
CVE-2018-17024
admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an add_page action...
CVE-2018-17025
CVE-2018-17025 affects Monstra CMS 3.0.4. The issue is an XSS in admin/index.php via the page_meta_title parameter in an edit_page action for pages with no special role. Documented impact is XSS; no exploitation details are provided in the sources. CVSS scores listed: CVSS v2 base 4.3 (Medium) an...
Arbitrary file deletion
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete...
CVE-2018-14420
MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=adminadmin&a=doaddsave URI...
Cross site request forgery (csrf)
MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=adminadmin&a=doaddsave URI...
livrefoncier.fr XSS vulnerability
Open Bug Bounty ID: OBB-626506

Description | Value
---|---
Affected Website: | livrefoncier.fr
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Flexit
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
Cross site request forgery (csrf)
An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrator account via the admin/index.php/users/save URI...
Cross site scripting
Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php...