1593 matches found
CVE-2022-24981
A reflected cross-site scripting (XSS) vulnerability in forms generated by JQueryForm.com before 2022-02-05 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to admin.php...
CVE-2022-24982
Forms generated by JQueryForm.com before 2022-02-05 allow a remote authenticated attacker to access the cleartext credentials of all other form users. admin.php contains a hidden base64-encoded string with these credentials...
Design/Logic Flaw
Forms generated by JQueryForm.com before 2022-02-05 allow a remote authenticated attacker to access the cleartext credentials of all other form users. admin.php contains a hidden base64-encoded string with these credentials...
Cross site scripting
A reflected cross-site scripting (XSS) vulnerability in forms generated by JQueryForm.com before 2022-02-05 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to admin.php...
CVE-2022-24981
CVE-2022-24981 describes a reflected XSS in forms generated by JQueryForm.com prior to 2022-02-05. The vulnerability is triggered via the redirect parameter to admin.php, allowing remote attackers to inject arbitrary web script or HTML. Documents consistently identify the affected component as th...
CVE-2022-24677
Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php...
CVE-2022-24676
updatecode in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP archive...
CVE-2022-24677
Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php...
CVE-2022-24676
updatecode in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP archive...
Remote code execution
Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php...
HYBBS Code Issue Vulnerability
HYBBS is a lightweight community forum program. A code issue vulnerability exists in HYBBS2, which stems from the product Admin.php page not checking for uploaded files during updates. An attacker can use this vulnerability to upload a carefully crafted ZIP archive file. The following products an...
CVE-2022-24676
CVE-2022-24676 affects HYBBS2 up to version 2.3.2, where the update_code flow in Admin.php allows arbitrary file upload via a crafted ZIP archive. The root cause is described as the Admin.php page not validating uploaded files during updates, enabling potential file upload abuse. Public reference...
CVE-2022-24677
Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php...
CVE-2022-24677
CVE-2022-24677 affects HYBBS2 up to version 2.3.2. Admin.php writes plugin-related configuration information to conf.php, enabling remote code execution. The vulnerability is triggered on the Admin.php page and has been characterized with high/severe impact (NVD CVSS v3.1: 9.8, CRITICAL; v2: 7.5,...
Arbitrary file deletion
An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt...
SupportCandy < 2.2.7 - CSRF to Cross-Site Scripting
The plugin does not have CSRF check in the wpsctickets AJAX action, nor has any sanitisation or escaping in some of the filter fields which could allow attackers to make a logged in user having access to the ticket lists dashboard set an arbitrary filter stored in their cookies with an XSS payloa...
Profile Extra Fields < 1.2.4 - Reflected Cross-Site Scripting
The plugin does not escape the role parameter when outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=profile-extra-fields.php&tab-action=userdata&role="alert/XSS/...
ZZCMS Access Control Error Vulnerability
ZZCMS is a content management system (CMS) from the Zzcms team in China. ZZCMS suffers from an access control error vulnerability that stems from an incorrect access control vulnerability in zzcms via admin.php, which can be exploited by an attacker to directly access the administrator console afte...
Improper access control
An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. After disabling JavaScript, you can directly access the administrator console...
CVE-2021-43703
An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. After disabling JavaScript, you can directly access the administrator console...