48 matches found
CVE-2024-46240
CVE-2024-46240 affects Collabtive 3.1. The vulnerability is a Cross-site Scripting (XSS) flaw in admin.php, exploitable via the name parameter under action=system and the company/contact parameters under action=addcust. Root cause: XSS in these input points. The connected sources confirm Collabti...
CVE-2024-48708
Collabtive 3.1 is vulnerable to Cross-Site Scripting XSS via the name parameter in a file tasklist.php under action = add/edit and in b file admin.php under action = adduser/edituser...
Hospital Management System SQL注入漏洞
Hospital Management System is a hospital management system. A SQL injection vulnerability exists in Hospital Management System v1.0, which includes modules for patient information management, appointment services, and financial management. The vulnerability is related to the lack of validation of...
Sql injection
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=display&value=0&sid=2...
Ibtana - Ecommerce Product Addons < 0.2.4 - Reflected Cross-Site Scripting
The plugin does not escape some user input before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues. v alert/XSS/ v 0.2.4 - https://example.com/wp-admin/admin.php?page=ibtana-custom-post-type&posttypeid="+style=animation-name:rotation+onanimationstart=alert/XSS/...
DOYO SQL注入漏洞
DOYO doyocms is a PHP-based open source content management system CMS. A SQL injection vulnerability exists in admin.php of DOYO CMS 2.3, which can be exploited by an attacker to execute arbitrary SQL commands via the orders parameter...
CVE-2020-19547
Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id parameter in admin.php...
CVE-2020-21003
Pbootcms v2.0.3 is vulnerable to Cross Site Scripting XSS via admin.php...
CVE-2020-29250
CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php...
CVE-2020-10984
Gambio GX before 4.0.1.0 allows admin/admin.php CSRF...
CVE-2019-9550
DhCms through 2017-09-18 has admin.php?r=admin/Index/index XSS...
CVE-2019-9051
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles via a /admin.php?action=deletepage&var1= URI...
Sql injection
PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state productid parameter...
CVE-2018-16338
An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic...
blog.seniorennet.nl XSS vulnerability
Open Bug Bounty ID: OBB-648249 Description| Value ---|--- Affected Website:| blog.seniorennet.nl Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
CVE-2018-13031
DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account...
Cross site scripting
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php...
WordPress Plugin W3 Total Cache 'admin.php' Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language. w3 Total Cache is one of the blog optimization plug-ins. A cross-site scripting vulnerability exists in the WordPress plugin W3 Total Cache 'admin.php' 0.9.4.1 and earlier. An attacker can...
Modoer review system admin.php cross-site script execution vulnerability
Modoer review system a professional review website system, a variety of industry reviews, you can freely regulate the type of review project. Modoer system version 20150505 cross-site scripting vulnerability exists in the background, due to the failure to limit the act parameters when loading...
JVN#48039501: Shutter vulnerable to SQL injection
Shutter provided by tenfourzero is a web package allowing users to share their photos. lib/admin.php in Shutter contains a SQL injection vulnerability. Impact If an administrator views a malicious page while logged in, an arbitrary SQL command may be executed. Solution Uninstall the Software...