25 matches found
EUVD-2025-199763
An unauthenticated administrative access vulnerability exists in the open-source HashTech project https://github.com/henzljw/hashtech 1.0 thru commit 5919decaff2681dc250e934814fc3a35f6093ee5 2021-07-02. Due to missing authentication checks on /adminindex.php, an attacker can directly access the...
CVE-2025-65276
An unauthenticated administrative access vulnerability exists in the open-source HashTech project https://github.com/henzljw/hashtech 1.0 thru commit 5919decaff2681dc250e934814fc3a35f6093ee5 2021-07-02. Due to missing authentication checks on /adminindex.php, an attacker can directly access the...
hashtech security vulnerability
hashtech is an online shopping platform by the individual developer henz. A security vulnerability exists in HashTech that stems from a lack of authentication checks in /adminindex.php, which could allow an unauthenticated attacker to gain direct access to the admin dashboard...
CVE-2025-12336
A vulnerability was identified in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this issue is some unknown functionality of the file /admin/adminindex.php. Such manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit is...
EUVD-2025-36394
A vulnerability was identified in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this issue is some unknown functionality of the file /admin/adminindex.php. Such manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit is...
EUVD-2019-7873
Malware in sbrugna...
EUVD-2023-23750
Malicious code in bioql PyPI...
EUVD-2025-18716
Malicious code in bioql PyPI...
CVE-2025-6306
The CVE-2025-6306 vulnerability affects code-projects Online Shoe Store 1.0, specifically the admin_index.php file. The issue arises from unsafely handled input in the Username parameter, enabling SQL injection through the web interface. Evidence from multiple connected sources indicates remote e...
CVE-2023-1503
A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file admin/admin_index.php. The manipulation of the argument username/password with the input admin' AND (SELECT 8062 FROM (SELECT(SLEEP(5)))meUD)-- hLiX lead...
CVE-2023-1503 SourceCodester Alphaware Simple E-Commerce System admin_index.php sql injection
A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file admin/admin_index.php. The manipulation of the argument username/password with the input admin' AND (SELECT 8062 FROM (SELECT(SLEEP(5)))meUD)-- hLiX lead...
CVE-2023-1503
CVE-2023-1503 affects SourceCodester Alphaware Simple E-Commerce System 1.0. A SQL injection vulnerability exists in the admin/admin_index.php file, triggered by manipulating the username/password inputs (example payload: admin' AND (SELECT 8062 FROM (SELECT(SLEEP(5)))meUD)-- hLiX). The issue all...
CVE-2019-17522
A stored XSS vulnerability was discovered in Hotaru CMS v1.7.2 via the adminindex.php?page=settings SITE NAME field aka SITENAME, a related issue to CVE-2011-4709.1...
CVE-2012-2937
Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) list parameter in a move action to admin/adminindex.php, (2) display parameter in a minimize action to admin/adminindex.php, (3) enabled parameter to admin/adminusers.ph...
Pligg CMS 1.2.1 SQL injection vulnerability
Bugtraq ID: 53625 Pligg CMS is a content management system. The admin/adminindex.php, admin/adminusers.php and module.php scripts included in Pligg CMS do not properly filter user-supplied input; a remote attacker can exploit these flaws to carry out SQL injection attacks and obtain database information or take control of the application. 0 Pligg CMS 1.2.1 Vendor solution: Pligg CMS 1.2.2 fixes this vulnerability; users are advised to download it: http://forums.pligg.com/downloads.php?do=file&id=15...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Hotaru.php in the Search plugin 1.3 for Hotaru CMS allow remote attackers to inject arbitrary web script or HTML via the (1) SITENAME parameter to adminindex.php, or the (2) return and (3) search parameters to index.php. NOTE: some of these details a...
Search Plugin for Hotaru CMS 1.4.2 - admin_index.php?site_name Cross-Site Scripting
Search Plugin for Hotaru CMS 1.4.2 - admin_index.php?site_name Cross-Site Scripting. Source: https://www.securityfocus.com/bid/50657/info Hotaru CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically...
CVE-2011-1100
Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action...
CVE-2009-3509
CVE-2009-3509 affects CJ Dynamic Poll PRO 2.0, specifically the admin/admin_index.php component. The vulnerability is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via PATH_INFO, indicating insufficient input handling for path information. T...
CVE-2008-0572
Multiple PHP remote file inclusion vulnerabilities in Mindmeld 1.2.0.10 allow remote attackers to execute arbitrary PHP code via a URL in the MMGLOBALShome parameter to (1) acweb/adminindex.php; and (2) ask.inc.php, (3) learn.inc.php, (4) manage.inc.php, (5) mind.inc.php, and (6) sensory.inc.php in include/...