1593 matches found
CVE-2014-5194
Summary (CVE-2014-5194): Sphider 1.3.6 contains a static code injection flaw in admin/admin.php. Remote authenticated users can exploit the _word_upper_bound parameter to inject arbitrary PHP code into settings/conf.php. This is evidenced by multiple connected sources (exploit-db, packetstorm) de...
SQL injection
SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus simple-retail-menus plugin before 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL commands via the targetmenu parameter in an edit action to wp-admin/admin.php...
CVE-2014-5184
SQL injection vulnerability in the stripshow-storylines page in the stripShow plugin 2.5.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the story parameter in an edit action to wp-admin/admin.php...
CVE-2014-5082
Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter...
SQL injection
Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter...
CVE-2014-5082
CVE-2014-5082 relates to multiple SQL injection vulnerabilities in admin/admin.php affecting Sphider 1.3.6 and earlier, including Sphider Pro/Plus. The flaw enables remote attackers to manipulate the underlying database by injecting via the parameters site_id or url, as documented in the CVE e...
blogVault 1.05 - admin.php blogVault Key Setting CSRF
The Backup & Staging – BlogVault Backups WordPress plugin was affected by an admin.php blogVault Key Setting CSRF security vulnerability...
Cart66 Lite - admin.php cart66-products Page Multiple Field Stored XSS
The cart66-lite WordPress plugin was affected by an admin.php cart66-products Page Multiple Field Stored XSS security vulnerability...
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass
...
WordPress Artiss Code Embed Plugin <= 2.0.1 - Cross Site Scripting
This plugin is prone to a cross site scripting vulnerability in the suffix parameter of wp-admin/admin.php. Solution: Update the plugin...
WordPress blogVault Plugin <= 1.05 - Cross Site Request Forgery
This plugin is prone to an admin.php blogVault key setting cross site request forgery vulnerability. Solution: Update the plugin...
WordPress BSK PDF Manager Plugin <= 1.3 - Cross Site Scripting
This plugin is prone to cross site scripting via multiple parameters in wp-admin/admin.php. Solution: Upgrade the plugin...
SQL injection
Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php...
CVE-2014-4944
Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php...
SQL injection
SQL injection vulnerability in the WP Rss Poster wp-rss-poster plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php...
CVE-2014-4938
SQL injection vulnerability in the WP Rss Poster wp-rss-poster plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php...
CVE-2014-4854
Cross-site scripting (XSS) vulnerability in the WP Construction Mode plugin 1.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wuclogo parameter in a save action to wp-admin/admin.php...
FengCms 1.19 /admin.php Login Bypass Vulnerability
No description provided by source...
Invision Power Board 1.0/1.1/1.2 Admin.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8381/info The Invision Power Board admin.php script is reported prone to a cross-site scripting vulnerability. The issue presents itself due to a lack of sufficient sanitization performed by functions in an Invision Power Board...
PHPNuke 6.x Category Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9630/info It has been reported that PHPNuke may be prone to a SQL injection vulnerability, due to insufficient sanitization of user-supplied input. The problem is reported to exist in the $category variable contained within the...