1593 matches found
CVE-2021-28006
Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in admin.php through the options parameter...
CVE-2021-28006
Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in admin.php through the options parameter...
CVE-2021-28006
CVE-2021-28006 affects Web Based Quiz System 1.0 with a reflected/stored XSS vulnerability in the admin.php endpoint via the options parameter. The Red Hat, CNVD, NVD, and CVE records in the connected documents corroborate a cross-site scripting flaw in this component, enabling attacker-injected ...
CVE-2021-27314
SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page...
Sql injection
SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page...
CVE-2021-27314
SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page...
CVE-2021-27314
Summary: CVE-2021-27314 targets Doctor Appointment System 1.0 and is an unauthenticated SQL injection in login, exploited via the username parameter in admin.php. The vulnerability arises from improper input handling in PHP/MySQLi, enabling arbitrary SQL execution with high impact (CVSS v3.1: 9.8...
Responsive Menu < 4.0.4 - CSRF to Arbitrary File Upload
"Attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote code execution and further infect the targeted site." function submitRequest var xhr = new XMLHttpRequest;...
CVE-2020-29250
CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php...
CVE-2020-29250
CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php...
Design/Logic Flaw
CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php...
CVE-2020-29250
CXUUCMS V3 contains a Cross-Site Scripting (XSS) vulnerability that can be triggered via the first and third input fields to /public/admin.php. The issue is documented across multiple connected sources (e.g., Red Hat, CNVD, CVE records) and is described as CXUUCMS V3 allowing XSS through those in...
CVE-2020-29250
CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php...
CVE-2020-35346
CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add...
Cross site request forgery (csrf)
CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add...
Cross site scripting
CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add...
CVE-2020-35347
CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add...
CVE-2020-35346
CXUUCMS V3.1 is affected by a reflected cross-site scripting (XSS) flaw originating from the imgurl parameter in admin.php?c=content&a=add. The vulnerability allows remote attackers to inject arbitrary web script or HTML, as described across multiple sources (NVD, Red Hat, CNVD, CNVD-derived entr...
CVE-2020-35346
CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add...
Code injection
Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser and admin.php?reqGadget=FileBrowser&reqAction=Files to upload a .php file. NOTE: this is unrelated to the JAWS aka Job...