1593 matches found
CVE-2019-9912
The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATHINFO...
CVE-2018-20604
Lei Feng TV CMS aka LFCMS 3.8.6 allows Directory Traversal via crafted use of .. in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/web........1.txt.html URI to read the 1.txt file...
CVE-2015-9292
6kbbs 7.1 and 8.0 allows CSRF via portalchannelajax.php id or code parameter or admin.php fileids parameter...
CVE-2005-2203
login.php in phpWishlist before 0.1.15 allows remote attackers to bypass authentication via a direct request to admin.php...
CVE-2009-0275
Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/header via the header parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: the provenance...
CVE-2008-1228
Cross-site scripting XSS vulnerability in admin.php in MG2 formerly Minigal allows remote attackers to inject arbitrary web script or HTML via the list parameter in an import action...
CampCodes Online Food Ordering System 注入漏洞
CampCodes Online Food Ordering System is an online food ordering system from CampCodes, Inc. An injection vulnerability exists in CampCodes Online Food Ordering System version 1.0, which originates from SQL injection due to parameter ID manipulation in file /view-ticket-admin.php...
CVE-2025-45751
SourceCodester Web Based Pharmacy Product Management System 1.0 is vulnerable to Cross Site Scripting XSS in add-admin.php via the Fullname text field...
CVE-2025-45751
SourceCodester Web Based Pharmacy Product Management System 1.0 is vulnerable to Cross Site Scripting XSS in add-admin.php via the Fullname text field...
CVE-2025-45751
SourceCodester Web Based Pharmacy Product Management System 1.0 is vulnerable to Cross Site Scripting XSS in add-admin.php via the Fullname text field...
CVE-2025-3821 SourceCodester Web-based Pharmacy Product Management System add-admin.php cross site scripting
A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file add-admin.php. The manipulation of the argument txtpassword/txtfullname/txtemail leads to cross site scripting. Th...
CVE-2025-3821
CVE-2025-3821 affects SourceCodester Web-based Pharmacy Product Management System 1.0. The vulnerability resides in add-admin.php, where improper handling of the inputs txtpassword, txtfullname, and txtemail enables cross-site scripting. The issue is exploitable remotely and has public exploits. ...
PHPSHE 注入漏洞
PHPSHE is a set of online shopping mall system of China Lingbao Jane Hao Network Technology PHPSHE company. The system supports express tracking, online chat, order evaluation and statistics and other functions. PHPSHE 1.8 version of the existence of injection vulnerability, the vulnerability ste...
CVE-2025-29389
PbootCMS v3.2.9 contains a XSS vulnerability in admin.php?p=/Content/index/mcode/2tab=t2...
PT-2025-15698 · Pbootcms · Pbootcms
Name of the Vulnerable Software and Affected Versions: PbootCMS version 3.2.9 Description: The issue is related to a XSS vulnerability. It affects the "admin.php?p=/Content/index/mcode/2tab=t2" endpoint. Recommendations: For PbootCMS version 3.2.9, update to a version that fixes this issue, as th...
CVE-2025-25877
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /admin.php. The attack can use SQL injection to obtain sensitive data...
CVE-2025-25877
The CVE-2025-25877 entry concerns ITSourcecode Simple ChatBox (versions up to 1.0). The vulnerability affects unknown code in the /admin.php file and enables SQL injection to obtain sensitive data . Reported impact indicates potential data exposure with a low base score (CVSS 3.1: 3.8, LOW) and i...
CVE-2025-25877
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /admin.php. The attack can use SQL injection to obtain sensitive data...
CVE-2025-0842
A vulnerability was found in needyamin Library Card System 1.0 and classified as critical. This issue affects some unknown processing of the file admin.php of the component Login. The manipulation of the argument email/password leads to sql injection. The attack may be initiated remotely. The...
CVE-2022-3973
A vulnerability classified as critical has been found in Pingkon HMS-PHP. Affected is an unknown function of the file /admin/admin.php of the component Data Pump Metadata. The manipulation of the argument uname/pass leads to sql injection. It is possible to launch the attack remotely. The exploit...