1599 matches found
CVE-2021-27973
SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages...
CVE-2021-27973
Piwigo has a SQL injection vulnerability (CVE-2021-27973) in versions before 11.4.0, exploitable via the language parameter of admin.php?page=languages. Public writeups/exploits exist for 11.3.0 (e.g., Exploit-DB, PacketStorm) and CVE records note the issue. The CVE entry itself has no confirmed ...
Cross site scripting
DMA Softlab Radius Manager 4.4.0 is affected by Cross Site Scripting XSS via the description, name, or address field under admin.php...
CVE-2021-29011
CVE-2021-29011 affects DMA Softlab Radius Manager 4.4.0 and is described as a Cross Site Scripting (XSS) vulnerability exploitable via the description, name, or address fields under admin.php. The connected documents corroborate an XSS issue with this version; CVSS metrics in the primary entry sh...
GHSA-J29G-G982-PWPV Cross-site scripting (XSS)
ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution...
Cross-site scripting (XSS)
ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution...
CVE-2021-28006
Web Based Quiz System 1.0 is affected by cross-site scripting XSS in admin.php through the options parameter...
CVE-2021-28006
Web Based Quiz System 1.0 is affected by cross-site scripting XSS in admin.php through the options parameter...
CVE-2021-28006
CVE-2021-28006 affects Web Based Quiz System 1.0 with a reflected/stored XSS vulnerability in the admin.php endpoint via the options parameter. The Red Hat, CNVD, NVD, and CVE records in the connected documents corroborate a cross-site scripting flaw in this component, enabling attacker-injected ...
CVE-2021-27314
SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page...
Sql injection
SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page...
CVE-2021-27314
Summary: CVE-2021-27314 targets Doctor Appointment System 1.0 and is an unauthenticated SQL injection in login, exploited via the username parameter in admin.php. The vulnerability arises from improper input handling in PHP/MySQLi, enabling arbitrary SQL execution with high impact (CVSS v3.1: 9.8...
CVE-2021-27314
SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page...
Responsive Menu < 4.0.4 - CSRF to Arbitrary File Upload
"Attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote code execution and further infect the targeted site." function submitRequest var xhr = new XMLHttpRequest;...
CVE-2020-29250
CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php...
CVE-2020-29250
CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php...
Design/Logic Flaw
CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php...
CVE-2020-29250
CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php...
CVE-2020-29250
CXUUCMS V3 contains a Cross-Site Scripting (XSS) vulnerability that can be triggered via the first and third input fields to /public/admin.php. The issue is documented across multiple connected sources (e.g., Red Hat, CNVD, CVE records) and is described as CXUUCMS V3 allowing XSS through those in...
CVE-2020-35346
CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add...