1599 matches found
CVE-2018-19318
SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account...
CVE-2018-19319
SRCMS 3.0.0 contains a CSRF vulnerability that allows an attacker to change product prices via admin.php?m=Admin&c=gifts&a=update, exploiting the super administrator’s privileges. The issue arises from lack of proper CSRF protection for admin actions, enabling unauthorized price modification. Doc...
CVE-2018-19318
The CVE-2018-19318 issue affects SRCMS 3.0.0 and is a CSRF vulnerability that can be exploited via admin.php?m=Admin&c=manager&a=update to alter the super administrator’s username and password. Root cause: CSRF on the admin update endpoint allows unauthorized change of credentials. Impact: compro...
CVE-2018-18380
CVE-2018-18380 affects BigTree (Bigtree) CMS prior to 4.2.24. The admin.php flow accepts a user-supplied PHP session ID after login instead of regenerating a new one, enabling session hijacking (session fixation). Documents indicate this is fixed in 4.2.24; remediation is to upgrade to 4.2.24 or ...
CVE-2018-18380
A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The Session Fixation could allow an attacker to hijack an admin session...
CVE-2018-18486
An issue was discovered in PHPSHE 1.7. SQL injection exists via the admin.php?mod=user&act=del userid parameter...
SQL injection
An issue was discovered in PHPSHE 1.7. SQL injection exists via the admin.php?mod=user&act=del userid parameter...
Design/Logic Flaw
XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request...
CVE-2018-18432
An issue was discovered in DESTOON B2B 7.0. CSRF exists via the admin.php URI in an action=add request...
CVE-2018-18431
An issue was discovered in DESTOON B2B 7.0. XSS exists via certain text boxes to the admin.php?moduleid=2&action=add URI...
CVE-2018-18430
An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has XSS via the first text box to the admin.php URI...
Design/Logic Flaw
An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has XSS via the first text box to the admin.php URI...
Cross-site request forgery (CSRF)
An issue was discovered in DESTOON B2B 7.0. CSRF exists via the admin.php URI in an action=add request...
CVE-2018-18432
Summary: DESTOON B2B 7.0 is affected by a CSRF vulnerability that can be exploited via the admin.php URI with an action=add request. Multiple sources (NVD entry CVE-2018-18432 and CNVD/NVD references) confirm a CSRF flaw in DESTOON B2B 7.0. The CVSS metrics indicate a network-based, high-severity...
CVE-2018-18431
DESTOON B2B 7.0 contains a cross-site scripting (XSS) vulnerability exposed via text boxes when visiting admin.php?moduleid=2&action=add. The CVE entry and CNVD/NVD variants describe the same issue, with no explicit details on affected build flavors beyond version 7.0 and the vulnerable input poi...