1593 matches found
CVE-2019-6779
Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links...
ImpressCMS 1.3.11 SQL Injection
Title: ImpressCMS 1.3.11 - 'bid' SQL Injection
Date: 21.01.2019
Exploit Author: Mehmet Onder Key
Vendor Homepage: http://www.impresscms.org/
Software Link: https://sourceforge.net/projects/impresscms/files/v1.3.11/impresscms1.3.11.zip
Version: v1.3.11
Category: Webapps
Tested on: WAMPP @Win...
CVE-2019-6708
PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter...
SQL injection
PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter...
SQL injection
PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state productid parameter...
CVE-2019-6708
PHPSHE 1.7 contains a SQL injection vulnerability via the admin.php?mod=order state parameter. The connected documents confirm the vulnerability but do not include explicit impact details, exploit information, or remediation.
CVE-2019-6707
CVE-2019-6707 affects PHPSHE 1.7 and is a SQL injection vulnerability in the admin interface. The injection targets the product_id[] parameter via admin.php?mod=product&act=state, enabling manipulation of the underlying database according to the description. The connected sources confirm the vuln...
SQL injection
phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb parameter, related to the "--backup database" option...
CVE-2019-6691
phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb parameter, related to the "--backup database" option...
CVE-2016-10737
Serendipity 2.0.4 has XSS via the serendipityadmin.php serendipitybody parameter...
Nextcloud: WordPress vulnerable to multiple attacks at https://nextcloud.com
summary: your current version of WordPress is available to multiple attacks check INFO.php
available attacks:
- Unauthenticated Arbitrary File Deletion
- lib/IPTraf.php User-Agent Header Stored XSS
- Password Creation Restriction Bypass
- wp-admin/admin.php whois Parameter Stored XSS
- XSS & IAA ...
CVE-2018-20603
Lei Feng TV CMS aka LFCMS 3.8.6 allows admin.php?s=/Member/add.html CSRF...
CVE-2018-20571
CVE-2018-20571 affects DamiCMS 6.0.1. An attacker can remotely read arbitrary files by sending a crafted request to admin.php?s=Tpl/Add/id, demonstrated by reading the global configuration file at .\Public\Config\config.ini.php. The underlying issue is an arbitrary file read path handling in the ...
Design/Logic Flaw
Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title...
CVE-2018-16633
Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title...
CVE-2018-16634
The vulnerability CVE-2018-16634 affects the Pluck CMS v4.7.7. A Cross-Site Request Forgery (CSRF) exists that allows an attacker to perform unauthorized actions via admin.php?action=settings, such as changing site name and email parameters. This is documented in CNVD-2018-25041 (Pluck CSRF vulne...
CVE-2018-16633
Pluck v4.7.7 contains a cross-site scripting (XSS) vulnerability that can be triggered via the page title when editing a page (admin.php?action=editpage&page=...). The underlying issue is a lack of proper sanitization/escaping for the title parameter, enabling injection of malicious scripts. The ...
CVE-2018-19853
An issue was discovered in hitshop through 2014-07-15. There is an elevation-of-privilege vulnerability that allows control over the whole web site via the admin.php/user/add URI because a storekeeper account which is supposed to have only privileges for commodity management can add an...