15 matches found
EUVD-2016-1964
Malware in sbrugna...
EUVD-2021-14724
Malware in sbrugna...
EUVD-2023-57363
Malicious code in bioql PyPI...
EUVD-2025-1891
Malicious code in bioql PyPI...
EUVD-2022-33989
Malicious code in bioql PyPI...
CVE-2024-46240
Collabtive 3.1 is vulnerable to Cross-site scripting XSS via the name parameter under action=system and the company/contact parameters under action=addcust within admin.php file...
CVE-2008-1228
Cross-site scripting XSS vulnerability in admin.php in MG2 formerly Minigal allows remote attackers to inject arbitrary web script or HTML via the list parameter in an import action...
CVE-2022-3973
A vulnerability classified as critical has been found in Pingkon HMS-PHP. Affected is an unknown function of the file /admin/admin.php of the component Data Pump Metadata. The manipulation of the argument uname/pass leads to sql injection. It is possible to launch the attack remotely. The exploit...
CVE-2025-0842
CVE-2025-0842 affects the needyamin Library Card System 1.0, specifically the Login component's admin.php. The vulnerability arises from improper handling of the email and password parameters, enabling SQL injection. CVE entries and related advisories indicate remote exploitation with publicly di...
CVE-2023-46958
An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file...
CVE-2021-34650 eID Easy <= 4.6 Reflected Cross-Site Scripting
The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the /admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6...
Cashtomer <= 1.0.0 - Authenticated SQL Injection
An editid GET parameter of the plugin is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. GET /wp-admin/admin.php?page=add-social-point&id=facebookshare&editid=-9677%20UNION%20ALL%20SELECT%20NULL,NULL,user,NULL,NULL-- HTTP/1.1...
Design/Logic Flaw
An XSS issue was discovered in Sandoba CP:Shop v2016.1. The vulnerability is located in the admin.php file of the ./cpshop/ module. Remote attackers are able to inject their own script codes to the client-side requested vulnerable web-application parameters. The attack vector of the vulnerability...
CVE-2018-5692
Piwigo v2.8.2 has XSS via the tab, to, section, mode, installstatus, and display parameters of the admin.php file...
PT-2017-14607 · WordPress · Updraftplus
Name of the Vulnerable Software and Affected Versions: UpdraftPlus plugin versions 1.13.12 and earlier Description: The issue concerns a Server-Side Request Forgery SSRF in the updraft ajax handler function, located in /wp-content/plugins/updraftplus/admin.php, which can be exploited via an httpg...