1593 matches found
Directory traversal
Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php...
CVE-2020-18438
CVE-2020-18438 is a directory traversal vulnerability in qinggan/phpok 5.1. The flaw allows an attacker to disclose sensitive information by manipulating the title parameter in admin.php. This is documented across multiple connected sources (NVD entry and CNVD/CNNVD variants) confirming the affec...
CVE-2020-18438
Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php...
qinggan phpok Path Traversal Vulnerability
phpok is an enterprise website system developed by a Shenzhen technology limited company using PHP and MySQL. A directory traversal vulnerability exists in phpok version 5.1. The vulnerability can be exploited to disclose sensitive information via the title parameter of admin.php...
Ibtana - Ecommerce Product Addons < 0.2.4 - Reflected Cross-Site Scripting
The plugin does not escape some user input before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues. v0.2.4 - https://example.com/wp-admin/admin.php?page=ibtana-custom-post-type&posttypeid="+style=animation-name:rotation+onanimationstart=alert/XSS/...
CVE-2020-21504
waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?&m=Public&a=login...
Cross site scripting
waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php/Link/addsave...
Cross site scripting
waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?&m=Public&a=login...
Cross site scripting
waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?m=Config&a=add...
CVE-2020-21506
The CVE-2020-21506 entry concerns waimai Super Cms version 20150505 with a cross-site scripting (XSS) vulnerability in the /admin.php?m=Config&a=add component. The root cause described in connected records is improper input handling that allows injected script to run in a victim’s browser. Impact...
CVE-2020-21504
The CVE-2020-21504 entry documents a cross-site scripting (XSS) vulnerability in waimai Super Cms 20150505, originating from the login component at /admin.php?&m=Public&a=login. Exploitation details are not provided in the documents, but multiple sources describe input handling flaws that enable ...
Cross site request forgery (CSRF)
A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges...
CVE-2020-21386
CVE-2020-21386 is a CSRF vulnerability in Maccms 10 affecting the component admin.php/admin/type/info.html. The issue arises from its admin flow failing to verify that requests originate from trusted users, enabling an attacker to gain administrator privileges. The connected documents consistentl...
CVE-2021-34650
The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the /admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6...
Cross site scripting
The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the /admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6...
CVE-2021-34650
The CVE-2021-34650 entry corresponds to a Reflected Cross-Site Scripting vulnerability in the WordPress plugin eID Easy (versions up to 4.6). The issue arises from the error parameter in admin.php, enabling arbitrary script injection. Public sources consistently identify this as a vulnerability i...
CVE-2021-34650 eID Easy <= 4.6 Reflected Cross-Site Scripting
The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the /admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6...
eID Easy < 4.7 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the /admin.php file which allows attackers to inject arbitrary web scripts...
CF Geo Plugin < 7.13.12 - Reflected Cross-Site Scripting
The plugin does not escape some parameter before outputting it back in admin pages, leading to a Reflected Cross-Site Scripting issue. POST /wp-admin/admin.php?page=cf-geoplugin-activate HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language...
SQL injection
SQL Injection vulnerability in cxuucms 3.1 via the pid parameter in public/admin.php...