1734 matches found
CVE-2022-29681
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Links/del...
CVE-2022-47926
AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fstdel.inc.php...
CVE-2022-26494
An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a worker name...
CVE-2022-24573
A stored cross-site scripting XSS vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field...
CVE-2022-29676
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan...
CVE-2022-29669
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/lists/zhuan...
CVE-2022-28432
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions=display=0=2...
CVE-2022-27431
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php...
CVE-2022-36222
Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface...
CVE-2021-32615
Piwigo 11.4.0 allows admin/userlistbackend.php order0dir SQL Injection...
CVE-2021-29054
Certain Papoo products are affected by: Cross Site Request Forgery CSRF in the admin interface. This affects Papoo CMS Light through 21.02 and Papoo CMS Pro through 6.0.1. The impact is: gain privileges remote...
CVE-2021-29011
DMA Softlab Radius Manager 4.4.0 is affected by Cross Site Scripting XSS via the description, name, or address field under admin.php...
CVE-2021-29434
Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could...
CVE-2020-6302
SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. An attacker can get this session ID via shoulder surfing or man in the middle attack and subsequently get access to admin user accounts, leading to Session...
CVE-2020-11629
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has gained access to...
CVE-2020-8464
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access...
CVE-2020-8255
A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages...
CVE-2020-19118
Cross Site Scripting XSS vulnerabiity in YzmCMS 5.2 via the sitecode parameter in admin/index/init.html...
CVE-2020-10407
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/edit-news.php by adding a question mark ? followed by the payload...
CVE-2020-9018
LiteCart through 2.2.1 allows admin/?app=users=edituser CSRF to add a user...