133 matches found

CVE
added 2020/09/03 5:18 p.m. | 56 views

CVE-2020-25124

CVE-2020-25124 affects vBulletin 5.6.3 Admin CP. The vulnerability is a cross-site scripting (XSS) flaw exploitable via a crafted URI in admincp/attachment.php&do=rebuild&type=, enabling script execution in the context of an admin user. Public sources in the connected set confirm the issue and pr...

CVSS 4.8 | AI score 4.8 | EPSS 0.00553
Exploits 1 | References 1 | Affected Software 1

0day.today
added 2020/08/18 12:0 a.m. | 333 views

vBulletin 5.6.2 Persistent Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: vBulletin 5.6.2 Stored XSS Date:15.08.2020 Author: Vincent666 ibn Winnie Software Link: https://www.vbulletin.com/en/features/ Tested on: Windows 10 Web Browser: Mozilla Firefox Blog : https://pentest-vincent.blogspot.com/ PoC:...

AI score 0.1
Exploits 0

CNVD
added 2019/10/16 12:0 a.m. | 2 views

idreamsoft iCMS spider_project.admincp.php file SQL injection vulnerability

idreamsoft iCMS is an open source content management system (CMS) based on PHP and MySQL. A SQL injection vulnerability exists in the spider_project.admincp.php file in idreamsoft iCMS version 7.0.14. The vulnerability stems from a lack of validation of externally entered SQL statements in...

CVSS 9.8 | AI score 8.2 | EPSS 0.01095
Exploits 1 | References 1

NVD
added 2019/04/22 11:29 a.m. | 8 views

CVE-2019-11426

An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter...

CVSS 6.1 | AI score 6 | EPSS 0.00826
Exploits 1 | References 1

CNVD
added 2019/04/22 12:0 a.m. | 2 views

idreamsoft iCMS Cross-Site Scripting Vulnerability (CNVD-2019-12120)

iCMS is an efficient and simple content management system built with PHP and MySQL. A cross-site scripting vulnerability exists in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14, which can be exploited by an attacker via the admincp.php?app=config tab parameter...

CVSS 6.1 | AI score 6.4 | EPSS 0.00826
Exploits 1 | References 1

Cvelist
added 2019/04/21 9:35 p.m. | 11 views

CVE-2019-11426

An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter...

AI score 6 | EPSS 0.00826
Exploits 1 | References 1

CNVD
added 2019/03/06 12:0 a.m. | 2 views

SQL Injection Vulnerability in iCMS Backend da***.admincp File

iCMS is a free, clean, efficient, and useful PHP content management system. There is a SQL injection vulnerability in the iCMS backend da.admincp file, which can be exploited by attackers to obtain sensitive database information...

AI score 7.9
Exploits 0

CNVD
added 2019/01/31 12:0 a.m. | 1 views

idreamsoft iCMS Directory Traversal Vulnerability (CNVD-2019-12125)

iCMS is an efficient and simple content management system built with PHP and MySQL. A directory traversal vulnerability exists in the editor/editor.admincp.php file in idreamsoft iCMS version 7.0.13, which can be exploited to view files in a folder with the help of a '...' directory traversal...

CVSS 7.5 | AI score 6.9 | EPSS 0.02247
Exploits 1 | References 1

OSV
added 2019/01/30 9:29 p.m. | 1 views

CVE-2019-7237

An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal...

CVSS 7.5 | AI score 5.8 | EPSS 0.02247
Exploits 1 | References 1

OSV
added 2019/01/14 2:29 p.m. | 3 views

CVE-2019-6259

An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php dataid parameter...

CVSS 9.8 | AI score 7.4 | EPSS 0.01505
Exploits 1 | References 1

OSV
added 2018/11/22 9:29 p.m. | 5 views

CVE-2018-19464

Discuz! X3.4 allows XSS via admin.php because admincp/admincpsetting.php and template\default\common\footer.htm mishandles statcode field from third-party stats code...

CVSS 4.8 | AI score 5.8 | EPSS 0.00513
Exploits 0 | References 1

CNVD
added 2018/09/04 12:0 a.m. | 2 views

idreamsoft iCMS Path Traversal Vulnerability

idreamsoft iCMS is an open source content management system (CMS) based on PHP and MySQL. A path traversal vulnerability exists in admincp.php?app=config in idreamsoft iCMS version 7.0.11, which can be exploited by remote attackers to execute arbitrary PHP code in a ZIP file...

CVSS 7.2 | AI score 7.4 | EPSS 0.02435
Exploits 0 | References 1

CNVD
added 2018/09/03 12:0 a.m. | 2 views

idreamsoft iCMS Cross-Site Request Forgery Vulnerability (CNVD-2019-10136)

idreamsoft iCMS is an open source content management system (CMS) based on PHP and MySQL. A cross-site request forgery vulnerability exists in idreamsoft iCMS version 7.0.10, which can be exploited by remote attackers to add an administrator account with the help of admincp.php?app=user&do=save...

CVSS 8.8 | AI score 8.9 | EPSS 0.00614
Exploits 1 | References 1

Prion
added 2018/09/02 3:29 a.m. | 14 views

Cross site request forgery (csrf)

An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability...

CVSS 6.8 | AI score 8.7 | EPSS 0.00614
Exploits 1 | References 1 | Affected Software 1

OSV
added 2018/09/01 6:29 p.m. | 1 views

CVE-2018-16314

An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRFTOKEN, if CSRFTOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header...

CVSS 8.8 | AI score 5.8 | EPSS 0.00664
Exploits 1 | References 1

CNVD
added 2018/06/20 12:0 a.m. | 3 views

iCMS SQL Injection Vulnerability (CNVD-2018-14361)

iCMS is a content management system (CMS) built with PHP and MySQL databases. A SQL injection vulnerability exists in the spider.admincp.php file in iCMS version 7.0.8. A remote attacker can exploit this vulnerability by sending an app=spider&do=batch request with the 'id' parameter to the...

CVSS 9.8 | AI score 9.9 | EPSS 0.01452
Exploits 1 | References 1

Prion
added 2018/06/19 6:29 p.m. | 10 views

Cross site request forgery (csrf)

An issue was discovered in AKCMS 6.1. CSRF can delete an article via an admincp deleteitem action to index.php...

CVSS 5.8 | AI score 6.5 | EPSS 0.00484
Exploits 1 | References 2 | Affected Software 1

NVD
added 2018/06/19 6:29 p.m. | 12 views

CVE-2018-12583

An issue was discovered in AKCMS 6.1. CSRF can delete an article via an admincp deleteitem action to index.php...

CVSS 6.5 | AI score 6.5 | EPSS 0.00484
Exploits 1 | References 2

CVE
added 2018/06/19 6:0 p.m. | 35 views

CVE-2018-12583

AKCMS 6.1 is affected by a cross-site request forgery (CSRF) that can delete articles via the admincp deleteitem action to index.php. The vulnerability is described in CVE-2018-12583 and corroborated by CNVD-2018-14261 and related records, which state an attacker could exploit CSRF to delete arti...

CVSS 6.5 | AI score 6.4 | EPSS 0.00484
Exploits 1 | References 2 | Affected Software 1

OSV
added 2018/04/20 6:29 p.m. | 1 views

CVE-2018-10250

iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixincategory action, aka a WeChat Classified Management keyword search...

CVSS 5.4 | AI score 5.8
Exploits 0 | References 1