CVE-2018-25127

CVE-2018-25127 affects SOCA Access Control System 180612. The issue is a cross-site request forgery in the admin interface caused by lack of proper request validation, allowing forged requests to create admin accounts when a user visits a malicious page. Affected component: admin interface/API en...

PT-2025-53368

Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges,...

CVE-2023-53975

Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries through unvalidated parameters. Attackers can inject malicious SQL code in the 'id' parameter of the admin index page to execute time-based blind SQL injection attacks...

📄 Pi-hole 5.18.3 Remote Code Execution

This PHP script is an authenticated remote code execution exploit targeting Pi-hole's web admin interface. It requires valid administrator credentials to log in, obtains a CSRF token, and abuses the adlist management feature by injecting a crafted gopher:// URL. The payload forces the server to...

CVE-2025-14989 Campcodes Complete Online Beauty Parlor Management System search-invoices.php sql injection

A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/search-invoices.php. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit is publicly available and...

CVE-2025-66906

Cross Site Request Forgery CSRF vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges...

CVE-2023-53916

Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...

EUVD-2025-204337

A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the Localization application. Attackers can execute scripts that could affect multiple parts of the administration interface...

EUVD-2025-204379

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via error messages containing specially crafted object names. This allows malicious scripts to execute in users' browsers when administrators view error messages in the administration...

CVE-2023-53737

A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the Localization application. Attackers can execute scripts that could affect multiple parts of the administration interface...

CVE-2023-53737

A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the Localization application. Attackers can execute scripts that could affect multiple parts of the administration interface...

CVE-2020-36889

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via error messages containing specially crafted object names. This allows malicious scripts to execute in users' browsers when administrators view error messages in the administration...

CVE-2023-53736

CVE-2023-53736 concerns Kentico Xperience. A cross-site scripting vulnerability exists in the administration interface, allowing authenticated users to inject scripts that execute within the administrative context. Documents consistently describe a reflected XSS vector affecting the admin UI; roo...

CVE-2023-53736 Kentico Xperience <= 13.0.120 Administration Interface Reflected XSS

A reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts in the administration interface. Attackers can exploit this vulnerability to execute arbitrary scripts within the administrative context...

CVE-2023-53737 Kentico Xperience <= 13.0.101 Localization Application Stored XSS

A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the Localization application. Attackers can execute scripts that could affect multiple parts of the administration interface...

CVE-2020-36889

Kentico Xperience stores error messages containing crafted object names in the Administration Interface, enabling a stored XSS vulnerability. Affected: Kentico Xperience

CVE-2025-67174

A local file inclusion LFI vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the adminlanguagefile and defaultpagelanguagefile in the admin.php component...

PT-2025-52246

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 due to lack of authentication in the configuration change module in the adm.cgi endpoint, the unauthenticated attacker can execute commands including backup creation, device restart and resetting the device to factory settings. The...

Kentico Xperience 跨站脚本漏洞

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the administration interface, which can be exploited by an attacker to execute...

📄 Institute Admission Software 2.5 Insecure Direct Object Reference

Institute Admission Software version 2.5 suffers from an insecure direct object reference vulnerability. ============================================================================================================================================= | Title : Institute Admission Software 2.5 IDOR...