1599 matches found
Arbitrary file deletion
An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt...
SupportCandy < 2.2.7 - CSRF to Cross-Site Scripting
The plugin does not have a CSRF check in the wpsctickets AJAX action, nor does it have any sanitisation or escaping in some of the filter fields, which could allow attackers to make a logged-in user with access to the ticket lists dashboard set an arbitrary filter stored in their cookies with an XSS payloa...
Profile Extra Fields < 1.2.4 - Reflected Cross-Site Scripting
The plugin does not escape the role parameter when outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=profile-extra-fields.php&tab-action=userdata&role="alert/XSS/...
ZZCMS Access Control Error Vulnerability
ZZCMS is a content management system (CMS) from the Zzcms team in China. ZZCMS has an access control error vulnerability that stems from incorrect access control in zzcms via admin.php, which can be exploited by an attacker to directly access the administrator console afte...
Improper access control
An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. After disabling JavaScript, you can directly access the administrator console...
CVE-2021-43703
An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. After disabling JavaScript, you can directly access the administrator console...
Directory traversal
Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php...
CVE-2020-18438
Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php...
CVE-2020-18438
CVE-2020-18438 is a directory traversal vulnerability in qinggan/phpok 5.1. The flaw allows an attacker to disclose sensitive information by manipulating the title parameter in admin.php. This is documented across multiple connected sources (NVD entry and CNVD/CNNVD variants) confirming the affec...
qinggan phpok Path Traversal Vulnerability
phpok is an enterprise website system developed by Shenzhen's technology limited company using PHP+MYSQL. A directory traversal vulnerability exists in phpok version 5.1. The vulnerability can be exploited to disclose sensitive information via the title parameter of admin.php...
Ibtana - Ecommerce Product Addons < 0.2.4 - Reflected Cross-Site Scripting
The plugin does not escape some user input before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues. v alert/XSS/ v 0.2.4 - https://example.com/wp-admin/admin.php?page=ibtana-custom-post-type&posttypeid="+style=animation-name:rotation+onanimationstart=alert/XSS/...
CVE-2020-21504
waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?&m=Public&a=login...
Cross site scripting
waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?&m=Public&a=login...
Cross site scripting
waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?m=Config&a=add...
Cross site scripting
waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php/Link/addsave...
CVE-2020-21506
The CVE-2020-21506 entry concerns waimai Super Cms version 20150505 with a cross-site scripting (XSS) vulnerability in the /admin.php?m=Config&a=add component. The root cause described in connected records is improper input handling that allows injected script to run in a victim’s browser. Impact...
CVE-2020-21504
The CVE-2020-21504 entry documents a cross-site scripting (XSS) vulnerability in waimai Super Cms 20150505, originating from the login component at /admin.php?&m=Public&a=login. Exploitation details are not provided in the documents, but multiple sources describe input handling flaws that enable ...
Cross site request forgery (csrf)
A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges...
CVE-2020-21386
CVE-2020-21386 is a CSRF vulnerability in Maccms 10 affecting the component admin.php/admin/type/info.html. The issue arises from its admin flow failing to verify that requests originate from trusted users, enabling an attacker to gain administrator privileges. The connected documents consistentl...
CVE-2021-34650
The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the /admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6...