1599 matches found
CVE-2018-16315
CVE-2018-16315 affects waimai Super Cms 20150505 with a CSRF weakness that allows an attacker to alter configuration through admin.php?m=Config&a=add. The CNVD/CVE records describe remote exploitation that enables configuration changes via crafted requests; NVD notes CSRF vector affecting configu...
Directory traversal
An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI...
CVE-2018-16237
An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI...
Design/Logic Flaw
An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file...
CVE-2018-16237
An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI...
CVE-2018-16238
An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file...
CVE-2018-16237
An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI...
CVE-2018-16238
An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file...
Command injection
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainviewactivitymonitor&tab=activitytools request...
CVE-2018-15570
In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter...
CVE-2018-15568
tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html...
CVE-2018-15566
tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter...
Cross site scripting
In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter...
CVE-2018-15568
The CVE-2018-15568 issue affects tp5cms (ThinkPHP-based CMS) through 2017-05-25, with a Cross-Site Request Forgery (CSRF) vulnerability exposed via the admin.php/category/delete.html page. The vulnerability allows CSRF to cause deletion actions (notably “type items”) when an attacker entices an a...
CVE-2018-15566
CVE-2018-15566 affects tp5cms prior to or on 2017-05-25. The vulnerability is a Cross-Site Scripting (XSS) flaw exploitable via the q parameter in admin.php/article/index.html, enabling injection of arbitrary script/HTML. Affected component is tp5cms’s admin article listing functionality; root ca...
CVE-2018-15570
The CVE refers to CVE-2018-15570 affecting waimai Super Cms 20150505, with a stored XSS in the /admin.php/Foodcat/editsave fcname parameter. The available connected sources confirm the vulnerability type (stored XSS) and the affected component/parameter, but do not provide explicit patch/version ...
CVE-2018-15198
An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user...
CVE-2018-15197
An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges...
CVE-2018-15198
CVE-2018-15198 affects OneThink v1.1. A CSRF in admin.php?s=/User/add.html can add a user. Exploitation context and impact are described (CVSS2/3: base scores 6.8/8.8; network vector, no auth, user interaction required). No remediation/patch details are provided in the connected documents; no add...
CVE-2018-15197
CVE-2018-15197 affects OneThink v1.1. A CSRF in admin.php?s=/AuthManager/addToGroup.html could grant administrator privileges, enabling privilege escalation. The issue is described across multiple feeds (NVD/Red Hat/CVEs) as allowing an attacker to endow admin rights; no public exploit details or...