CVE-2020-21881
DuxCMS 2.1 contains a Cross Site Request Forgery (CSRF) vulnerability in admin.php (endpoint article/admin/content/add) that allows remote attackers to modify application data. The issue is documented across multiple sources (e.g., CVE-2020-21881) with remediation guidance suggesting CSRF token v...
PT-2023-11606 · Duxcms · Duxcms
Name of the Vulnerable Software and Affected Versions: DuxCMS version 2.1
Description: A Cross Site Request Forgery (CSRF) issue in the admin.php file of DuxCMS allows remote attackers to modify application data via the "article/admin/content/add" endpoint. This can be exploited by tricking...
CVE-2020-21881
Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modify application data via article/admin/content/add...
CVE-2023-27082
Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of a crafted HTML file...
CVE-2023-27083
An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality...
CVE-2020-20918
An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary PHP code via the hidden parameter to admin.php when editing a page...
Cross site scripting
Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows a remote attacker to execute arbitrary code via the name field in admin.php...
Code injection
An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary PHP code via the hidden parameter to admin.php when editing a page...
CVE-2020-20725
Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows a remote attacker to execute arbitrary code via the name field in admin.php...
CVE-2021-31280
An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the keywords parameter...
CVE-2021-31280
CVE-2021-31280 affects tp5cms prior to or through 2017-05-25. The issue is a cross-site scripting (XSS) vulnerability in admin.php/system/set.html exploitable via the keywords parameter. The related Red Hat/NVD/EU references corroborate an XSS in tp5cms with the same endpoint and parameter. CVSS ...
CVE-2023-33601
An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2023-33601
CVE-2023-33601 describes an arbitrary file upload vulnerability in the PHPok web application (version 6.4.100). The flaw resides in the /admin.php?c=upload endpoint, allowing an attacker to upload a crafted PHP file to achieve arbitrary code execution. The provided connected documents confirm the...
PHPOK Arbitrary File Upload Vulnerability (CNVD-2023-43865)
PHPOK is an enterprise building system that supports expansion. PHPOK version 6.4.100 suffers from an arbitrary file upload vulnerability, which stems from a lack of valid validation of the uploaded file in admin.php?c=upload&f=zip&noCache=0.1683794968. An attacker can exploit this vulnerability to...
PT-2023-21309 · Unknown · Code-Projects Bus Dispatch/Information System
Name of the Vulnerable Software and Affected Versions: code-projects Bus Dispatch and Information System version 1.0
Description: A critical issue has been found in the code-projects Bus Dispatch and Information System, affecting an unknown functionality of the file view admin.php. The manipulati...
Open redirect
A vulnerability, which was classified as problematic, has been found in Icons for Features Plugin 1.0.0 on WordPress. Affected by this issue is some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulation of the argument redirecturl leads to open redirect. T...