1599 matches found

NVD
added 2019/02/07 7:29 a.m., 22 views

CVE-2019-7570

A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI...

CVSS 6.5, AI score 6.5, EPSS 0.00544
Exploits 1, References 1
CVE
added 2019/02/07 7:0 a.m., 32 views

CVE-2019-7569

DOYO (doyocms) 2.3 (20140425 update) contains a CSRF vulnerability that can add a super administrator account via admin.php?c=a_adminuser&a=add&run=1. The affected component is the web admin interface; the issue enables privilege elevation by creating a new admin user. The connected documents con...

CVSS 8.8, AI score 8.6, EPSS 0.0065
Exploits 1, References 1, Affected Software 1
CVE
added 2019/02/07 7:0 a.m., 41 views

CVE-2019-7570

CVE-2019-7570 applies to PbootCMS v1.3.6, describing a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to delete user accounts via the admin.php/User/del/ucode/ endpoint. The connected sources confirm the affected product/version and the targeted action, with no additional...

CVSS 6.5, AI score 6.5, EPSS 0.00544
Exploits 1, References 1, Affected Software 1
Cvelist
added 2019/02/07 7:0 a.m., 22 views

CVE-2019-7569

An issue was discovered in DOYO aka doyocms 2.3 (20140425 update). There is a CSRF vulnerability that can add a super administrator account via admin.php?c=a_adminuser&a=add&run=1...

AI score 8.7, EPSS 0.0065
Exploits 1, References 1
Prion
added 2019/01/24 7:29 p.m., 11 views

Cross-site request forgery (CSRF)

Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links...

CVSS 5.8, AI score 8, EPSS 0.00453
Exploits 1, References 1, Affected Software 1
CVE
added 2019/01/24 7:0 p.m., 39 views

CVE-2019-6779

CVE-2019-6779 affects CSCMS 4.1.8. The vulnerability is a CSRF flaw on the admin.php/links/save endpoint, enabling an attacker to add, modify, or delete friend links without providing proper authorization. Root cause stated is lack of CSRF protection on that admin action; exploitation details are...

CVSS 8.1, AI score 8, EPSS 0.00453
Exploits 1, References 1, Affected Software 1
Cvelist
added 2019/01/24 7:0 p.m., 22 views

CVE-2019-6779

Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links...

AI score 8.1, EPSS 0.00453
Exploits 1, References 1
Packet Storm
added 2019/01/24 12:0 a.m., 34 views

ImpressCMS 1.3.11 SQL Injection

Title: ImpressCMS 1.3.11 - 'bid' SQL Injection Date: 21.01.2019 Exploit Author: Mehmet Onder Key Vendor Homepage: http://www.impresscms.org/ Software Link: https://sourceforge.net/projects/impresscms/files/v1.3.11/impresscms1.3.11.zip Version: v1.3.11 Category: Webapps Tested on: WAMPP @Win...

Exploits 0
NVD
added 2019/01/23 7:29 p.m., 24 views

CVE-2019-6708

PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter...

CVSS 7.2, AI score 7.5, EPSS 0.0097
Exploits 1, References 1
Prion
added 2019/01/23 7:29 p.m., 14 views

SQL injection

PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state product_id[] parameter...

CVSS 6.5, AI score 7.5, EPSS 0.0097
Exploits 1, References 1, Affected Software 1
Prion
added 2019/01/23 7:29 p.m., 12 views

SQL injection

PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter...

CVSS 6.5, AI score 7.5, EPSS 0.0097
Exploits 1, References 1, Affected Software 1
Cvelist
added 2019/01/23 7:0 p.m., 28 views

CVE-2019-6708

PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter...

AI score 7.5, EPSS 0.0097
Exploits 1, References 1
CVE
added 2019/01/23 7:0 p.m., 39 views

CVE-2019-6708

PHPSHE 1.7 contains a SQL injection vulnerability via the admin.php?mod=order state parameter. The connected documents confirm the vulnerability but do not include explicit impact details, exploit information, or remediation.

CVSS 7.2, AI score 7.4, EPSS 0.0097
Exploits 1, References 1, Affected Software 1
CVE
added 2019/01/23 7:0 p.m., 38 views

CVE-2019-6707

CVE-2019-6707 affects PHPSHE 1.7 and is a SQL injection vulnerability in the admin interface. The injection targets the product_id[] parameter via admin.php?mod=product&act=state, enabling manipulation of the underlying database according to the description. The connected sources confirm the vuln...

CVSS 7.2, AI score 7.5, EPSS 0.0097
Exploits 1, References 1, Affected Software 1
Prion
added 2019/01/23 9:29 a.m., 22 views

SQL injection

phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb parameter, related to the "--backup database" option...

CVSS 6.5, AI score 7.4, EPSS 0.01059
Exploits 1, References 1, Affected Software 1
Cvelist
added 2019/01/23 9:0 a.m., 26 views

CVE-2019-6691

phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb parameter, related to the "--backup database" option...

AI score 7.5, EPSS 0.01059
Exploits 1, References 1
Cvelist
added 2019/01/16 4:0 a.m., 16 views

CVE-2016-10737

Serendipity 2.0.4 has XSS via the serendipityadmin.php serendipitybody parameter...

AI score 5.3, EPSS 0.00617
Exploits 1, References 1
Hacker One
added 2019/01/08 11:41 a.m., 17 views

Nextcloud: WordPress vulnerable to multiple attacks at https://nextcloud.com

summary: your current version of WordPress is available to multiple attacks check INFO.php available attacks: - Unauthenticated Arbitrary File Deletion - lib/IPTraf.php User-Agent Header Stored XSS - Password Creation Restriction Bypass - wp-admin/admin.php whois Parameter Stored XSS - XSS & IAA ...

AI score 1.5
Exploits 0
Cvelist
added 2018/12/30 9:0 p.m., 24 views

CVE-2018-20603

Lei Feng TV CMS aka LFCMS 3.8.6 allows admin.php?s=/Member/add.html CSRF...

AI score 8.7, EPSS 0.00523
Exploits 1, References 1
CVE
added 2018/12/28 4:0 p.m., 39 views

CVE-2018-20571

CVE-2018-20571 affects DamiCMS 6.0.1. An attacker can remotely read arbitrary files by sending a crafted request to admin.php?s=Tpl/Add/id, demonstrated by reading the global configuration file at .\Public\Config\config.ini.php. The underlying issue is an arbitrary file read path handling in the ...

CVSS 7.5, AI score 7.3, EPSS 0.01368
Exploits 0, References 1, Affected Software 1