1593 matches found
CVE-2020-35656
CVE-2020-35656 affects Jaws (CMS) up to version 1.8.0. The vulnerability arises from crafted requests to admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser and admin.php?reqGadget=FileBrowser&reqAction=Files, which allow an authenticated administrator to upload a .php file an...
SQL injection
PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevelid=1 userlevelid parameter...
CVE-2020-19165
PHPSHE 1.7 is affected by CVE-2020-19165: an SQL injection in the admin.php?mod=user&userlevel_id=1 and userlevel_id[] parameter. The issue originates from unsafely handling userlevel_id input, enabling an attacker to manipulate SQL queries. No remediation details are provided in the connected do...
CVE-2020-19165
PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevelid=1 userlevelid parameter...
CVE-2020-25273
In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection...
CVE-2020-17551
ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution...
Remote code execution
ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution...
CVE-2020-21564
CVE-2020-21564 concerns Pluck CMS versions 4.7.10-dev2 and 4.7.11, where a file upload vulnerability can lead to remote command execution via the endpoint admin.php?action=files. The sources provided describe the vulnerability but do not specify additional technical details, exploit status, affec...
Cross site scripting
WordPress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the 'Recall Settings' field in admin.php. An attacker can inject JavaScript code that will be stored and executed...
CVE-2020-10984
Gambio GX before 4.0.1.0 allows admin/admin.php CSRF...
CVE-2020-10984
Gambio GX (before 4.0.1.0) contains a CSRF vulnerability in admin/admin.php. The CVE entry CVE-2020-10984 documents a cross-site request forgery flaw affecting the admin interface; no explicit remediation is provided in the connected sources. The public references confirm the affected product/ver...
CVE-2019-19110
The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter...
CVE-2014-8943
Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svnurl parameter...
CVE-2014-8944
Lexiglot through 2014-11-20 allows XSS Reflected via the username, or XSS Stored via the admin.php?page=config installname, intromessage, or newfilecontent parameter...
SQL injection
Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&fromid= or admin.php?page=history&limit= URI...
Cross site scripting
Lexiglot through 2014-11-20 allows XSS Reflected via the username, or XSS Stored via the admin.php?page=config installname, intromessage, or newfilecontent parameter...
Server side request forgery (SSRF)
Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svnurl parameter...