CVE-2021-31280

An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the keywords parameter...

CVE-2023-33601

CVE-2023-33601 describes an arbitrary file upload vulnerability in the PHPok web application (version 6.4.100). The flaw resides in the /admin.php?c=upload endpoint, allowing an attacker to upload a crafted PHP file to achieve arbitrary code execution. The provided connected documents confirm the...

CVE-2023-33601

An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file...

PHPOK Arbitrary File Upload Vulnerability (CNVD-2023-43865)

PHPOK is an enterprise building system that supports expansion. PHPOK version 6.4.100 suffers from an arbitrary file upload vulnerability, which stems from admin.php?c=upload&f=zip&noCache=0.1683794968 lack of valid validation of the uploaded file. An attacker can exploit this vulnerability to...

PT-2023-21309 · Unknown · Code-Projects Bus Dispatch/Information System

Name of the Vulnerable Software and Affected Versions: code-projects Bus Dispatch and Information System version 1.0 Description: A critical issue has been found in the code-projects Bus Dispatch and Information System, affecting an unknown functionality of the file view admin.php. The manipulati...

Open redirect

A vulnerability, which was classified as problematic, has been found in Icons for Features Plugin 1.0.0 on WordPress. Affected by this issue is some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulation of the argument redirecturl leads to open redirect. T...

CVE-2023-26876

SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filteruserid parameter to the admin.php?page=history&filterimageid=&filteruserid endpoint...

Sql injection

SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filteruserid parameter to the admin.php?page=history&filterimageid=&filteruserid endpoint...

CVE-2023-1947

A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...

CVE-2023-1947 taoCMS admin.php code injection

A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...

taoCMS 代码注入漏洞

taoCMS is a Chinese micro CMS Content Management System. A code injection vulnerability exists in taoCMS version 3.0.2, which stems from a problem in the file /admin/admin.php that can lead to code injection...

CVE-2023-26784

SQL Injection vulnerability found in Kirin Fortress Machine v.1.7-2020-0610 allows attackers to execute arbitrary code via the /admin.php?controller=admincommonuser parameter...

CVE-2021-34167

Cross Site Request Forgery CSRF vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php...

CVE-2023-0840

A vulnerability classified as problematic was found in PHPCrazy 1.1.1. This vulnerability affects unknown code of the file admin/admin.php?action=users&mode=info&user=2. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has...

Clickjacking

cockpit-hq is vulnerable to Clickjacking. The vulnerability exists due to the lack of the x-frame-options header in admin.php which allows an attacker to misdirect the user, making them click something unintentionally...

Stored XSS via blog author parameter on admin.php?p=config

Description The blog author parameter is unsanitized on the page admin.php?p=config. In this way is possible to inject arbitrary javascript code Proof of Concept - Login as regular user - Go to http://localhost/flatpress/admin.php?p=config - Set as blog author "alertdocument.domain - Refresh page...

Cross site scripting

A vulnerability was found in annyshow DuxCMS 2.1. It has been classified as problematic. This affects an unknown part of the file admin.php&r=article/AdminContent/edit of the component Article Handler. The manipulation of the argument content leads to cross site scripting. It is possible to...

PT-2022-9011 · Unknown · Annyshow Duxcms

Name of the Vulnerable Software and Affected Versions: annyshow DuxCMS version 2.1 Description: A vulnerability was found in the file admin.php&r=article/AdminContent/edit of the component Article Handler. The manipulation of the content argument leads to cross-site scripting. It is possible to...

Cross site scripting

Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting XSS vulnerability in Admin/add-admin.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter...

PT-2022-27444 · Unknown · Web-Based Student Clearance System

Name of the Vulnerable Software and Affected Versions: Web-Based Student Clearance System version 1.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter in the Admin/add-admin.php file. This enables the...