EUVD-2018-3061

Malware in sbrugna...

EUVD-2020-16460

Malware in sbrugna...

CVE-2025-6749

A vulnerability classified as critical was found in huija bicycleSharingServer up to 7b8a3ba48ad618604abd4797d2e7cf3b5ac7625a. Affected by this vulnerability is the function searchAdminMessageShow of the file AdminController.java. The manipulation of the argument Title leads to sql injection. The...

CVE-2025-6749

CVE-2025-6749 affects huija bicycleSharingServer, specifically the searchAdminMessageShow function in AdminController.java. The vulnerability arises from improper handling of the Title parameter, enabling SQL injection. Exploitation is network-based and can be attempted remotely; exploitation is ...

PT-2025-27047 · Unknown · Huija Bicyclesharingserver

Name of the Vulnerable Software and Affected Versions: huija bicycleSharingServer version 1.0 Description: A critical issue affects the selectAdminByNameLike function of the AdminController.java file, leading to SQL injection. The attack may be initiated remotely. The exploit has been disclosed t...

CVE-2024-13211 SingMR HouseRent AdminController.java access control

A vulnerability was found in SingMR HouseRent 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/main/java/com/house/wym/controller/AdminController.java. The manipulation leads to improper access controls. The attack may be launched remotely...

CVE-2024-36691

Insecure permissions in the AdminController.AjaxSave method of PPGoJobs v2.8.0 allows authenticated attackers to arbitrarily modify users' account information...

CVE-2024-36691

PPGo_Jobs v2.8.0 is affected by CVE-2024-36691 due to insecure permissions in AdminController.AjaxSave(). Authenticated users can arbitrarily modify other users’ account information. The vulnerability arises from insufficient access control on the AjaxSave() endpoint. Affected component: AdminCon...

CVE-2024-36691

Insecure permissions in the AdminController.AjaxSave method of PPGoJobs v2.8.0 allows authenticated attackers to arbitrarily modify users' account information...

CVE-2024-36691

Insecure permissions in the AdminController.AjaxSave method of PPGoJobs v2.8.0 allows authenticated attackers to arbitrarily modify users' account information...

CVE-2023-45958

Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the backuppagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload...

CVE-2022-38935

An issue was discovered in NiterForum version 2.5.0-beta in /src/main/java/cn/niter/forum/api/SsoApi.java and /src/main/java/cn/niter/forum/controller/AdminController.java, allows attackers to gain escalated privileges...

CVE-2020-23719

Cross site scripting XSS vulnerability in application/controllers/AdminController.php in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the bbsmeta parameter...

CVE-2018-11012

ruibaby Halo 0.0.2 has a stored cross-site scripting vulnerability in which unsanitized input from loginName/loginPwd during a failed login to AdminController.java can be persisted and later executed in victims’ browsers. Public records list CVSS2 base 4.3 (MEDIUM) and CVSS3 base 6.1 (MEDIUM); no...