1593 matches found
CVE-2020-18454
Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admin.php/systems/index/moduleid/70/groupid/1.html...
Cashtomer <= 1.0.0 - Authenticated SQL Injection
The plugin's editid GET parameter is not properly sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection. GET /wp-admin/admin.php?page=add-social-point&id=facebookshare&editid=-9677%20UNION%20ALL%20SELECT%20NULL,NULL,user,NULL,NULL-- HTTP/1.1...
CVE-2020-20363
Cross Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php...
CVE-2020-20363
CVE-2020-20363 is a Cross‑Site Scripting (XSS) vulnerability in PbootCMS 2.0.3, specifically affecting the admin.php page. The connected CNVD/CNNVD entries describe the root cause as improper validation of client-side data in admin.php, enabling injection of script code. Other sources (NVD, Red H...
CVE-2020-20363
Cross Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php...
PbootCMS Cross-Site Scripting Vulnerability
PbootCMS is an open source content management system (CMS) for building enterprise websites, written in PHP and developed by individual PbootCMS developers. PbootCMS suffers from a cross-site scripting vulnerability that stems from the product's admin.php page not properly validating client-side data. An attacke...
CVE-2020-18264
Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=acteditmember"...
Simple-Log Cross-Site Request Forgery Vulnerability
Simple-Log is an open source free blog system based on PHP+MySQL. A cross-site request forgery vulnerability exists in Simple-Log v1.6, which is caused by Simple-Log not adequately verifying that requests come from trusted users. The vulnerability can be exploited to gain privileges and execute...
CVE-2020-21003
Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin.php...
Cross site scripting
Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin.php...
CVE-2020-21003
CVE-2020-21003 affects Pbootcms v2.0.3 and is a cross-site scripting (XSS) vulnerability via admin.php. The connected documents confirm the affected product/version and that the issue is an XSS in the admin.php entry point; no further exploit details, impact scope, or remediation steps are provid...
CVE-2020-21003
Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin.php...
CVE-2020-24740
An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that allows editing a page via /admin.php?action=editpage...
Cross site request forgery (CSRF)
An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that allows editing a page via /admin.php?action=editpage...
CVE-2020-19199
A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code...
CVE-2020-19199
PHPOK 5.2.060 is affected by a CSRF vulnerability in admin.php?c=admin&f=save that could let a remote attacker execute arbitrary code. Affected component is PHPOK’s admin save endpoint; root cause is a CSRF flaw enabling code execution. Multiple sources (NVD entry CVE-2020-19199 and partner discl...
CVE-2020-18020
SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "user_phone" parameter of a crafted HTTP request to the "admin.php" component...
SQL injection
SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "user_phone" parameter of a crafted HTTP request to the "admin.php" component...
CVE-2020-18020
PHPSHE Mall System v1.7 suffers an SQL injection in the user_phone parameter of admin.php, enabling remote attackers to execute arbitrary SQL and potentially compromise the system. Root cause: improper handling of input in the user_phone field. Impact notes: remote code execution is stated in the...