1593 matches found
CVE-2014-8941
CVE-2014-8941 affects Lexiglot (PHP translation platform) through 2014-11-20. The issue is a SQL injection vulnerability arising from unsafely built queries in the admin interface, specifically via URLs like admin.php?page=users&from_id= and admin.php?page=history&limit=. Evidence across multiple...
CVE-2014-8943
CVE-2014-8943 affects Lexiglot up to 2014-11-20 and enables a server-side request forgery (SSRF) via the admin.php?page=projects svn_url parameter. The available documents identify the vulnerable component as Lexiglot (PHP-based translation platform) and point to the svn_url parameter as the inje...
CVE-2014-8943
Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter...
CVE-2014-8945
CVE-2014-8945 affects Lexiglot, a PHP-based translation platform. The vulnerability is a command injection in admin.php?page=projects, exploitable through the username and password fields. Multiple sources confirm the issue, noting it affects Lexiglot releases up to and including 2014-11-20. The ...
Fishing Reservation System 7.5 - (uid) SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Fishing Reservation System 7.5 - 'uid' SQL Injection Vendor: https://fishingreservationsystem.com/index.html Software: https://fishingreservationsystem.com/features.htm CVE: N/A Technical Details & Description:...
Easy2Pilot 7 - Cross-Site Request Forgery (Add User) Vulnerability
Exploit for php platform in category web applications Exploit Title: Easy2Pilot 7 - Cross-Site Request Forgery Add User Author: indoushka Tested on: windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit Vendor: http://easy2pilot-v7.com/ CVE: N/A poc : + Dorking İn Google Or Other Searc...
WordPress Contact-Form-7 5.1.6 Cross Site Scripting
Title : word press plugin contact-form-7 5.1.6 - Cross-Site Scripting - Author : mehran feizi - Vendor : https://wordpress.org/plugins/contact-form-7/ - Tested on : Windows - Category : Webapps - Date : 2020-02-17...
Elementor Page Builder < 2.8.5 - Authenticated Reflected XSS
The Elementor Website Builder WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability. /wp-admin/admin.php?page=elementor-system-info&lndan%22%3e%3cscript%0csrc%3d//0x7f000001%3e%3c/script%3e=1...
CVE-2011-3611
A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12...
ZenPhoto Cross-Site Request Forgery Vulnerability
ZenPhoto is a free content management system for photo libraries. The system manages images and supports multimedia such as audio and video. A cross-site request forgery vulnerability exists in the admin.php file in Zenphoto versions prior to 1.4.9. The vulnerability stems from the WEB applicatio...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin users for requests that may cause a denial of service (resource consumption)...
CVE-2015-5595
Zenphoto is affected by a CSRF in admin.php prior to version 1.4.9 that could allow an attacker to hijack an admin’s session and trigger requests leading to resource consumption (denial of service). Public sources confirm the vulnerability exists in Zenphoto
CVE-2019-14343
TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabularioid=list URI...
Cross site scripting
TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabularioid=list URI...
CVE-2019-17593
CVE-2019-17593 affects JIZHICMS 1.5.1, where a CSRF flaw in admin.php/Admin/adminadd.html can be exploited to add an administrator. Multiple sources (NVD, RH, CNVD, OSV, CVE lists) corroborate that this is a cross‑site request forgery vulnerability in JIZHICMS 1.5.1. The CVSS data from NVD indica...
CVE-2019-17580
tonyy dormsystem through 1.3 allows SQL Injection in admin.php...
Sql injection
tonyy dormsystem through 1.3 allows SQL Injection in admin.php...
CVE-2019-17580
The CVE-2019-17580 entry corresponds to tonyy dormsystem through version 1.3, where a SQL injection vulnerability exists in admin.php due to lack of validation of externally-entered SQL statements. The connected records (CNVD-2020-14283, RH: CVE-2019-17580, OSV and CVE listings) corrobor...