CVE-2018-10032

CMS Made Simple aka CMSMS 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1version parameter...

CVE-2018-18270

XSS exists in CMS Made Simple version 2.2.7 via the m1newsurl parameter in an admin/moduleinterface.php "Content--News--Add Article" action...

CVE-2018-18626

An issue was discovered in PHPYun V4.6. There is a vulnerability that can delete any file or directory via the "admin/index.php?m=database=del" sql parameter because delaction in admin/model/database.class.php mishandles this parameter...

CVE-2021-31280

An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the keywords parameter...

CVE-2026-22079

The PT-2026-2147 entry specifies that Tenda 300Mbps Wireless Router F3 and Tenda N300 Easy Setup Router are affected by a flaw where login credentials are transmitted in plaintext during the initial login or after a factory reset via the web-based interface. An attacker on the same network could ...

CVE-2022-38283

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list...

CVE-2022-31492

Cross Site scripting XSS vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroupadminadd.php Username...

CVE-2017-12789

Metinfo 5.3.18 is affected by: Cross Site Request Forgery CSRF. The impact is: Information Disclosure remote. The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state...

CVE-2020-10391

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/add-article.php by adding a question mark ? followed by the payload...

CVE-2020-24740

An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage...

CVE-2024-34241

A cross-site scripting XSS vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications...

CVE-2025-67090

The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint /cgi-bin/luci. An unauthenticated attacker on the local netwo...

CVE-2025-63611

Summary: CVE-2025-63611 affects phpgurukul Hostel Management System v2.1. The issue is a stored XSS in the user-provided "Explain the Complaint" field submitted to /register-complaint.php, which is rendered unescaped in the admin view at /admin/complaint-details.php?cid=. When an administrator op...

CVE-2013-7476

The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface...

CVE-2019-16704

admin/infoclassupdate.php in PHPMyWind 5.6 has stored XSS...

CVE-2019-16997

In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/languagegeneral.class.php via the admin/?n=language=languagegeneral=doExportPack appno parameter...

CVE-2019-12353

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/dlsendmail.php when the attacker has admin authority via the id parameter...

CVE-2006-3830

The Languages selection in the admin interface in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this...

GHSA-VFRF-VCJ7-WVR8 Signal K Server Vulnerable to Access Request Spoofing

The SignalK access request system has two related features that when combined by themselves and with the infromation disclosure vulnerability enable convincing social engineering attacks against administrators. When a device creates an access request, it specifies three fields: clientId,...

PT-2026-4489

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel’s Network File System daemon nfsd is susceptible to a server crash when attempting to unlock the filesystem through an administrative interface while nfsd is not running...