1593 matches found
CVE-2023-26876
SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filteruserid parameter to the admin.php?page=history&filterimageid=&filteruserid endpoint...
Sql injection
SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filteruserid parameter to the admin.php?page=history&filterimageid=&filteruserid endpoint...
CVE-2023-1947
A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...
CVE-2023-1947 taoCMS admin.php code injection
A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...
taoCMS code injection vulnerability
taoCMS is a Chinese micro CMS Content Management System. A code injection vulnerability exists in taoCMS version 3.0.2, which stems from a problem in the file /admin/admin.php that can lead to code injection...
CVE-2023-26784
SQL Injection vulnerability found in Kirin Fortress Machine v.1.7-2020-0610 allows attackers to execute arbitrary code via the /admin.php?controller=admincommonuser parameter...
CVE-2021-34167
Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php...
CVE-2023-0840
A vulnerability classified as problematic was found in PHPCrazy 1.1.1. This vulnerability affects unknown code of the file admin/admin.php?action=users&mode=info&user=2. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has...
Clickjacking
cockpit-hq is vulnerable to Clickjacking. The vulnerability exists due to the lack of the x-frame-options header in admin.php which allows an attacker to misdirect the user, making them click something unintentionally...
Stored XSS via blog author parameter on admin.php?p=config
Description: The blog author parameter is unsanitized on the page admin.php?p=config. In this way it is possible to inject arbitrary JavaScript code. Proof of Concept: - Log in as regular user - Go to http://localhost/flatpress/admin.php?p=config - Set as blog author "alertdocument.domain - Refresh page...
Cross site scripting
A vulnerability was found in annyshow DuxCMS 2.1. It has been classified as problematic. This affects an unknown part of the file admin.php&r=article/AdminContent/edit of the component Article Handler. The manipulation of the argument content leads to cross site scripting. It is possible to...
PT-2022-9011 · Unknown · Annyshow Duxcms
Name of the Vulnerable Software and Affected Versions: annyshow DuxCMS version 2.1 Description: A vulnerability was found in the file admin.php&r=article/AdminContent/edit of the component Article Handler. The manipulation of the content argument leads to cross-site scripting. It is possible to...
Cross site scripting
Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in Admin/add-admin.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter...
PT-2022-27444 · Unknown · Web-Based Student Clearance System
Name of the Vulnerable Software and Affected Versions: Web-Based Student Clearance System version 1.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter in the Admin/add-admin.php file. This enables the...
CVE-2022-45224
CVE-2022-45224 is an XSS vulnerability affecting the Web-Based Student Clearance System v1.0, with the flaw in Admin/add-admin.php where a crafted payload in the txtfullname parameter can execute arbitrary scripts/HTML. The connected sources confirm the issue but do not provide exploit details or...
CVE-2022-3973 Pingkon HMS-PHP Data Pump Metadata admin.php sql injection
A vulnerability classified as critical has been found in Pingkon HMS-PHP. Affected is an unknown function of the file /admin/admin.php of the component Data Pump Metadata. The manipulation of the argument uname/pass leads to sql injection. It is possible to launch the attack remotely. The exploit...
CVE-2022-3973
CVE-2022-3973 affects Pingkon HMS-PHP, specifically the Data Pump Metadata component, in the file /admin/admin.php. The issue is a SQL injection caused by manipulation of the uname/pass parameter, allowing remote exploitation. Multiple sources (NVD, CVE lists, Red Hat, PRION, etc.) confirm a crit...
CVE-2022-43076
The vulnerability CVE-2022-43076 affects Web-Based Student Clearance System v1.0. A cross-site scripting (XSS) flaw exists in the /admin/edit-admin.php endpoint, exploitable by injecting crafted payloads into the txtemail parameter to execute arbitrary web scripts/HTML. The provided references co...
CVE-2022-3733
A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been classified as critical. This affects an unknown part of the file Admin/edit-admin.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploi...
CVE-2022-3733
SourceCodester Web-Based Student Clearance System is affected. The vulnerability is in Admin/edit-admin.php, where manipulating the id parameter triggers a SQL injection. It can be exploited remotely and has been publicly disclosed; no remediation details are provided in the supplied documents.