Cross site scripting

A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. The attack may be...

CVE-2023-3888 Campcodes Beauty Salon Management System admin-profile.php cross site scripting

A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. The attack may be...

CVE-2023-3888 Campcodes Beauty Salon Management System admin-profile.php cross site scripting

A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. The attack may be...

CVE-2023-3874

CVE-2023-3874 affects Campcodes Beauty Salon Management System 1.0. The vulnerability is an SQL injection in the unknown function of the file /admin/admin-profile.php, triggered by manipulating the adminname parameter. It is exploitable remotely, with multiple sources indicating the exploit has b...

PT-2023-26579 · Unknown · Campcodes Beauty Salon Management System

Name of the Vulnerable Software and Affected Versions: Campcodes Beauty Salon Management System version 1.0 Description: A critical issue was found in the system, affecting an unknown function of the file /admin/admin-profile.php. The manipulation of the adminname argument leads to sql injection...

Privilege escalation

AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-38305

AeroCMS v0.0.1 is affected by an arbitrary file upload vulnerability in the /admin/profile.php component. The underlying issue allows an attacker to upload a crafted PHP file, enabling arbitrary code execution on the server. CVSS 3.1 base score 8.8 (HIGH) with network attack vector, low attack co...

CVE-2022-27478

Victor CMS v1.0 contains a remote code execution (RCE) vulnerability exploitable through the component admin/profile.php?section=admin. The set of connected documents consistently describes an RCE without detailing the root cause or exact exploit path beyond the vulnerable endpoint. Impact is des...

CVE-2018-5214

The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS via the al2fbfacebookid parameter to wp-admin/profile.php...

CVE-2017-10673

admin/profile.php in GetSimple CMS 3.x has XSS in a name field...