1599 matches found
CVE-2024-2394 SourceCodester Employee Management System add-admin.php unrestricted upload
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/add-admin.php. The manipulation of the argument avatar leads to unrestricted upload. The attack may be launched...
PT-2024-20191 · Sourcecodester · Sourcecodester Employee Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Employee Management System version 1.0 Description: A critical issue affects some unknown functionality of the file /Admin/add-admin.php, where the manipulation of the avatar argument leads to unrestricted upload. This issue ca...
Cross site scripting
XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin.php...
PT-2023-31244 · Xunruicms · Xunruicms
Name of the Vulnerable Software and Affected Versions: XunRuiCMS version 4.5.5 Description: A reflective cross-site scripting (XSS) issue was found in XunRuiCMS via the component /admin.php. This allows for potential XSS attacks. Recommendations: For XunRuiCMS version 4.5.5, as a temporary...
CVE-2023-49490
XunRuiCMS v4.5.5 contains a reflective cross-site scripting (XSS) vulnerability exploitable via the component /admin.php. The issue is documented across multiple sources (NVD, Red Hat, CNNVD, CVE listing) and is associated with XunRuiCMS 4.5.5. The root cause is reflective XSS in /admin.php, allo...
CVE-2023-49490
XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin.php...
CVE-2023-48940
A stored cross-site scripting (XSS) vulnerability in /admin.php of DaiCuo v2.5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in /admin.php of DaiCuo v2.5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2023-46958
An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file...
Design/Logic Flaw
An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file...
PT-2023-30271 · Lmxcms · Lmxcms
Name of the Vulnerable Software and Affected Versions: lmxcms version 1.41 Description: An issue in lmxcms allows a remote attacker to execute arbitrary code via a crafted script to the "admin.php" file. Recommendations: For lmxcms version 1.41, consider disabling access to the "admin.php" file a...
CVE-2023-45201
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL...
Open redirect
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL...
PT-2023-29454 · Unknown · Online Examination System
Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. The 'q' parameter of the "admin.php" resource is vulnerable to Open Redirect attacks...
The vulnerability in the admin.php script of the WordPress content management system’s “My Sticky Elements” plugin allows attackers to perform cross-site scripting attacks.
The vulnerability of the admin.php script on the WordPress administration panel of the My Sticky Elements plugin is related to the lack of protective measures for the website’s structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...
Cross site scripting
Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the /admin.php?page=plugins&tab=new&installstatus=ok&pluginid=here page. This vulnerability can be exploited by an attacker to inject malicious HTML and JS co...
Lamano CMS 2.0 Cross Site Request Forgery
Title: Lamano CMS v2.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 69.032-bit | Vendor :...
SQL injection
A vulnerability was found in lmxcms up to 1.41. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin.php. The manipulation of the argument lid leads to SQL injection. VDB-239858 is the identifier assigned to this vulnerability. NOTE: The vendor was...