1599 matches found
CVE-2020-18065
CVE-2020-18065 affects PopojiCMS 2.0.1, specifically the admin.php?mod=menumanager functionality. The vulnerability is described as a Cross Site Scripting (XSS) issue; the connected documents do not provide technical details such as vulnerable function, input handling, or exploitation vectors. CV...
CVE-2021-39599
CVE-2021-39599 affects CXUUCMS 3.1, with multiple XSS vulnerabilities in public/search.php (search parameter) and admin.php (c parameter). The root cause is unsanitized input leading to client-side code execution. Impact is documented as XSS with potential impact on confidentiality/integrity depe...
CVE-2021-39599
Multiple Cross Site Scripting (XSS) vulnerabilities exist in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php...
Display users <= 2.0.0 - Authenticated SQL Injection
The Edit Role functionality in the plugin had an id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. GET /wp-admin/admin.php?page=display-users&tab=manage-role&action=edit&id=-4476+UNION+ALL+SELECT+NULL%2Cuser%28%29%2CNULL--+-...
Cross site request forgery (CSRF)
Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd...
Cross site request forgery (CSRF)
Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admin.php/systems/index/moduleid/70/groupid/1.html...
CVE-2020-18454
Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admin.php/systems/index/moduleid/70/groupid/1.html...
Cashtomer <= 1.0.0 - Authenticated SQL Injection
An editid GET parameter of the plugin is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. GET /wp-admin/admin.php?page=add-social-point&id=facebookshare&editid=-9677%20UNION%20ALL%20SELECT%20NULL,NULL,user,NULL,NULL-- HTTP/1.1...
CVE-2020-20363
Cross Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php...
CVE-2020-20363
Cross Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php...
CVE-2020-20363
CVE-2020-20363 is a Cross‑Site Scripting (XSS) vulnerability in PbootCMS 2.0.3, specifically affecting the admin.php page. The connected CNVD/CNNVD entries describe the root cause as improper validation of client-side data in admin.php, enabling injection of script code. Other sources (NVD, Red H...
PbootCMS cross-site scripting vulnerability
PbootCMS is an open source enterprise building content management system (CMS) using the PHP language, developed by PbootCMS individual developers. PbootCMS suffers from a cross-site scripting vulnerability that stems from the product's admin.php page not properly validating client-side data. An attacke...
CVE-2020-18264
Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=acteditmember"...
Simple-Log cross-site request forgery vulnerability
Simple-Log is an open source free blog system based on PHP+MySQL. A cross-site request forgery vulnerability exists in Simple-Log v1.6, which is caused by Simple-Log not adequately verifying that requests come from trusted users. The vulnerability can be exploited to gain privileges and execute...
CVE-2020-21003
Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin.php...
Cross site scripting
Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin.php...
CVE-2020-21003
CVE-2020-21003 affects Pbootcms v2.0.3 and is a cross-site scripting (XSS) vulnerability via admin.php. The connected documents confirm the affected product/version and that the issue is an XSS in the admin.php entry point; no further exploit details, impact scope, or remediation steps are provid...
CVE-2020-21003
Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin.php...
CVE-2020-24740
An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can edit a page via /admin.php?action=editpage...