Sql injection

The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter...

CVE-2017-18614

The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter...

CVE-2017-18614

CVE-2017-18614 affects the WordPress plugin kama-clic-counter (v3.4.9) . Multiple connected sources confirm a SQL injection vulnerability exposed via the plugin’s admin.php, specifically the order parameter . The root cause is described as a lack of validation of externally entered SQL statements...

CVE-2015-9292

6kbbs 7.1 and 8.0 allows CSRF via portalchannelajax.php id or code parameter or admin.php fileids parameter...

Cross site request forgery (csrf)

6kbbs 7.1 and 8.0 allows CSRF via portalchannelajax.php id or code parameter or admin.php fileids parameter...

CVE-2015-9292

CVE-2015-9292 affects 6kbbs versions 7.1 and 8.0, where a CSRF vulnerability exists in the web interfaces. The flaw allows cross-site requests to be forged via portalchannel_ajax.php (parameters id or code) or admin.php (parameter fileids). The description does not specify affected platforms beyo...

CVE-2015-9292

6kbbs 7.1 and 8.0 allows CSRF via portalchannelajax.php id or code parameter or admin.php fileids parameter...

CVE-2018-19461

admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php...

CVE-2018-19461

admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php...

Information disclosure

doorGets 7.0 has a sensitive information disclosure vulnerability in /setup/temp/admin.php and /setup/temp/database.php. A remote unauthenticated attacker could exploit this vulnerability to obtain the administrator password...

CVE-2019-11616

CVE-2019-11616 affects doorGets 7.0. The vulnerability is a sensitive information disclosure in /setup/temp/admin.php and /setup/temp/database.php, allowing a remote unauthenticated attacker to obtain the administrator password. Affected software: doorGets 7.0 (web CMS). Root cause and vector det...

CVE-2018-18017

XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Galleryid or Gallerytitle parameter...

CVE-2018-17584

The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page...

CVE-2018-18261

In waimai Super Cms 20150505, there is an XSS vulnerability via the /admin.php/Foodcat/addsave fcname parameter...

Cross site scripting

In waimai Super Cms 20150505, there is an XSS vulnerability via the /admin.php/Foodcat/addsave fcname parameter...

CVE-2018-18261

In waimai Super Cms 20150505, there is an XSS vulnerability via the /admin.php/Foodcat/addsave fcname parameter...

CVE-2018-18261

CVE-2018-18261 affects waimai Super Cms 20150505. A Cross-Site Scripting (XSS) vulnerability exists via the /admin.php/Foodcat/addsave fcname parameter. The issue arises from improper handling/validation of input, allowing injected scripts to be reflected to users. References in Red Hat and NVD c...

CVE-2019-10888

A CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add.html...

Design/Logic Flaw

The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATHINFO...

CVE-2019-9912

The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATHINFO...