Lucene search

1599 matches found

CVE
added 2022/11/28 12:0 a.m. | 62 views

CVE-2022-45224

CVE-2022-45224 is an XSS vulnerability affecting the Web-Based Student Clearance System v1.0, with the flaw in Admin/add-admin.php where a crafted payload in the txtfullname parameter can execute arbitrary scripts/HTML. The connected sources confirm the issue but do not provide exploit details or...

4.8 CVSS | 5 AI score | 0.00467 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2022/11/13 12:0 a.m. | 16 views

CVE-2022-3973 Pingkon HMS-PHP Data Pump Metadata admin.php sql injection

A vulnerability classified as critical has been found in Pingkon HMS-PHP. Affected is an unknown function of the file /admin/admin.php of the component Data Pump Metadata. The manipulation of the argument uname/pass leads to sql injection. It is possible to launch the attack remotely. The exploit...

7.3 CVSS | 10 AI score | 0.00565 EPSS
Exploits 1 | References 2

CVE
added 2022/11/13 12:0 a.m. | 66 views

CVE-2022-3973

CVE-2022-3973 affects Pingkon HMS-PHP, specifically the Data Pump Metadata component, in the file /admin/admin.php. The issue is a SQL injection caused by manipulation of the uname/pass parameter, allowing remote exploitation. Multiple sources (NVD, CVE lists, Red Hat, PRION, etc.) confirm a crit...

9.8 CVSS | 8.9 AI score | 0.00565 EPSS
Exploits 1 | References 2 | Affected Software 1

CVE
added 2022/11/01 12:0 a.m. | 44 views

CVE-2022-43076

The vulnerability CVE-2022-43076 affects Web-Based Student Clearance System v1.0. A cross-site scripting (XSS) flaw exists in the /admin/edit-admin.php endpoint, exploitable by injecting crafted payloads into the txtemail parameter to execute arbitrary web scripts/HTML. The provided references co...

4.8 CVSS | 5 AI score | 0.00457 EPSS
Exploits 1 | References 1 | Affected Software 1

NVD
added 2022/10/28 8:15 a.m. | 14 views

CVE-2022-3733

A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been classified as critical. This affects an unknown part of the file Admin/edit-admin.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploi...

8.8 CVSS | 0.00533 EPSS
Exploits 1 | References 2

CVE
added 2022/10/28 12:0 a.m. | 56 views

CVE-2022-3733

SourceCodester Web-Based Student Clearance System is affected. The vulnerability is in Admin/edit-admin.php where manipulating the id parameter triggers a SQL injection. It can be exploited remotely and publicly disclosed; no remediation details are provided in the supplied documents.

8.8 CVSS | 7.2 AI score | 0.00533 EPSS
Exploits 1 | References 2 | Affected Software 1

CNNVD
added 2022/10/11 12:0 a.m. | 4 views

FlatPress Cross-Site Scripting Vulnerability

FlatPress is a PHP-based blog builder without database support from the FlatPress community. A cross-site scripting vulnerability exists in FlatPress v1.2.1, which was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter on /Flatpress/admin.php...

5.4 CVSS | 5.4 AI score | 0.01431 EPSS
Exploits 1 | References 3

OSV
added 2022/08/29 12:15 a.m. | 4 views

CVE-2022-36572

Sinsiu Sinsiu Enterprise Website System v1.1.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /upload/admin.php?/deal/...

9.8 CVSS | 6.3 AI score | 0.21144 EPSS
Exploits 1 | References 1

Prion
added 2022/08/29 12:15 a.m. | 17 views

Remote code execution

Sinsiu Sinsiu Enterprise Website System v1.1.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /upload/admin.php?/deal/...

7.5 CVSS | 9.8 AI score | 0.21144 EPSS
Exploits 1 | References 1 | Affected Software 1

ATTACKERKB
added 2022/08/23 1:15 p.m. | 3 views

CVE-2022-36261

An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt...

9.1 CVSS | 7.5 AI score | 0.01017 EPSS
Exploits 1 | References 4

Cvelist
added 2022/08/23 12:46 p.m. | 22 views

CVE-2022-36261

An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt...

9.3 AI score | 0.01017 EPSS
Exploits 1 | References 2

wpexploit
added 2022/07/31 12:0 a.m. | 159 views

Fast Flow < 1.2.13 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Create/edit a dashboard with an HTML widget...

5.5 CVSS | 5.1 AI score | 0.00575 EPSS
Exploits 2

Prion
added 2022/06/27 10:15 p.m. | 14 views

Sql injection

A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument orderby/order with the input ASC%2cselectfromselectsleep2a leads to sql injection Blind. It is possible to...

6.5 CVSS | 8.8 AI score | 0.00716 EPSS
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2022/06/27 9:50 p.m. | 26 views

CVE-2017-20103 Kama Click Counter Plugin admin.php Blind sql injection

A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument orderby/order with the input ASC%2cselectfromselectsleep2a leads to sql injection Blind. It is possible to...

6.3 CVSS | 9 AI score | 0.00716 EPSS
Exploits 1 | References 2

CVE
added 2022/06/27 9:50 p.m. | 46 views

CVE-2017-20103

CVE-2017-20103 describes a blind SQL injection in the Kama Click Counter Plugin (up to version 3.4.8) affecting wp-admin/admin.php via the order_by/order parameter (ASC, (select sleep(2))). The vulnerability can be exploited remotely and the public exploit has been disclosed. Upgrading to version...

8.8 CVSS | 7.8 AI score | 0.00716 EPSS
Exploits 1 | References 2 | Affected Software 1

NVD
added 2022/06/02 2:15 p.m. | 25 views

CVE-2020-20971

Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index...

8.8 CVSS | 0.00508 EPSS
Exploits 1 | References 1

Prion
added 2022/06/02 2:15 p.m. | 15 views

Cross site request forgery (csrf)

Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index...

6.8 CVSS | 8.8 AI score | 0.00508 EPSS
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2022/06/01 2:31 p.m. | 24 views

CVE-2020-20971

Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index...

8.9 AI score | 0.00508 EPSS
Exploits 1 | References 1

CNVD
added 2022/05/31 12:0 a.m. | 11 views

CSCMS Music Portal System SQL Injection Vulnerability (CNVD-2022-45400)

CSCMS Music Portal System is a diversified content management system of China Chong Sheng Network Technology CSCMS Company. CSCMS Music Portal System suffers from a SQL injection vulnerability that originates from the lack of validation of the id parameter in /admin.php/singer/admin/singer/del fo...

7.2 CVSS | 8.2 AI score | 0.00896 EPSS
Exploits 1 | References 1

CNVD
added 2022/05/31 12:0 a.m. | 16 views

Piwigo SQL Injection Vulnerability (CNVD-2022-43223)

Piwigo is a Web-based open source photo gallery software. The software includes features such as image management, image categorization and permission management. A SQL injection vulnerability exists in Piwigo version 11.5.0, which stems from a lack of validation of the id parameter in admin.php...

8.8 CVSS | 8.2 AI score | 0.00908 EPSS
Exploits 1 | References 1