1593 matches found
CVE-2018-18486
An issue was discovered in PHPSHE 1.7. SQL injection exists via the admin.php?mod=user&act=del userid parameter...
SQL injection
An issue was discovered in PHPSHE 1.7. SQL injection exists via the admin.php?mod=user&act=del userid parameter...
Design/Logic Flaw
XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request...
CVE-2018-18431
An issue was discovered in DESTOON B2B 7.0. XSS exists via certain text boxes to the admin.php?moduleid=2&action=add URI...
CVE-2018-18432
An issue was discovered in DESTOON B2B 7.0. CSRF exists via the admin.php URI in an action=add request...
CVE-2018-18430
An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has XSS via the first text box to the admin.php URI...
Design/Logic Flaw
An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has XSS via the first text box to the admin.php URI...
Cross-site request forgery (CSRF)
An issue was discovered in DESTOON B2B 7.0. CSRF exists via the admin.php URI in an action=add request...
CVE-2018-18431
DESTOON B2B 7.0 contains a cross-site scripting (XSS) vulnerability exposed via text boxes when visiting admin.php?moduleid=2&action=add. The CVE entry and CNVD/NVD variants describe the same issue, with no explicit details on affected build flavors beyond version 7.0 and the vulnerable input poi...
CVE-2018-18432
Summary: DESTOON B2B 7.0 is affected by a CSRF vulnerability that can be exploited via the admin.php URI with an action=add request. Multiple sources (NVD entry CVE-2018-18432 and CNVD/NVD references) confirm a CSRF flaw in DESTOON B2B 7.0. The CVSS metrics indicate a network-based, high-severity...
CVE-2018-18191
CVE-2018-18191 describes a Cross‑Site Request Forgery (CSRF) vulnerability in Dayrui FineCms 5.4, specifically in /admin.php?c=member&m=edit&uid=1, which allows remote attackers to change the administrator’s password. The connected documents confirm the affected product/version and the vulnerable...
Cross-site scripting
XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI...
CVE-2018-18082
XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI...
CVE-2018-18069
processforms in the WPML aka sitepress-multilingual-cms plugin through 3.6.3 for WordPress has XSS via any localefilename parameter such as localefilenameen in an authenticated theme-localization.php request to wp-admin/admin.php...
CVE-2018-17826
HisiPHP 1.0.8 is vulnerable to CSRF via admin.php/admin/user/adduser.html, enabling an attacker to create an administrator account. This account can then leverage app/common/model/AdminAnnex.php to add .php to the allowed file-upload types list (.jpg, .png, .gif, .jpeg, .ico), facilitating arbitr...
CVE-2018-16729
Pluck 4.7.7 allows XSS via an SVG file that contains JavaScript in a SCRIPT element, and is uploaded via pages-manage under admin.php?action=files...