133 matches found
CVE-2020-25124
CVE-2020-25124 affects vBulletin 5.6.3 Admin CP. The vulnerability is a cross-site scripting (XSS) flaw exploitable via a crafted URI in admincp/attachment.php&do=rebuild&type=, enabling script execution in the context of an admin user. Public sources in the connected set confirm the issue and pr...
vBulletin 5.6.2 Persistent Cross Site Scripting Vulnerability
Exploit for php platform in category web applications | Exploit Title: vBulletin 5.6.2 Stored XSS | Date: 15.08.2020 | Author: Vincent666 ibn Winnie | Software Link: https://www.vbulletin.com/en/features/ | Tested on: Windows 10 | Web Browser: Mozilla Firefox | Blog: https://pentest-vincent.blogspot.com/ | PoC:...
idreamsoft iCMS spider_project.admincp.php file SQL injection vulnerability
idreamsoft iCMS is an open source content management system (CMS) based on PHP and MySQL. A SQL injection vulnerability exists in the spider_project.admincp.php file in idreamsoft iCMS version 7.0.14. The vulnerability stems from a lack of validation of externally entered SQL statements in...
CVE-2019-11426
An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter...
idreamsoft iCMS Cross-Site Scripting Vulnerability (CNVD-2019-12120)
iCMS is an efficient and simple content management system built with PHP and MySQL. A cross-site scripting vulnerability exists in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14, which can be exploited by an attacker via the admincp.php?app=config tab parameter...
SQL Injection Vulnerability in iCMS Backend da***.admincp File
iCMS is a free, clean, efficient, and useful PHP content management system. There is a SQL injection vulnerability in the iCMS backend da.admincp file, which can be exploited by attackers to obtain sensitive database information...
idreamsoft iCMS Directory Traversal Vulnerability (CNVD-2019-12125)
iCMS is an efficient and simple content management system built with PHP and MySQL. A directory traversal vulnerability exists in the editor/editor.admincp.php file in idreamsoft iCMS version 7.0.13, which can be exploited to view files in a folder with the help of a '...' directory traversal...
CVE-2019-7237
An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal...
CVE-2019-6259
An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php dataid parameter...
CVE-2018-19464
Discuz! X3.4 allows XSS via admin.php because admincp/admincpsetting.php and template\default\common\footer.htm mishandles statcode field from third-party stats code...
idreamsoft iCMS Path Traversal Vulnerability
idreamsoft iCMS is an open source content management system (CMS) based on PHP and MySQL. A path traversal vulnerability exists in admincp.php?app=config in idreamsoft iCMS version 7.0.11, which can be exploited by remote attackers to execute arbitrary PHP code in a ZIP file...
idreamsoft iCMS Cross-Site Request Forgery Vulnerability (CNVD-2019-10136)
idreamsoft iCMS is an open source content management system (CMS) based on PHP and MySQL. A cross-site request forgery vulnerability exists in idreamsoft iCMS version 7.0.10, which can be exploited by remote attackers to add an administrator account with the help of admincp.php?app=user&do=save...
Cross-Site Request Forgery (CSRF)
An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability...
CVE-2018-16314
An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRFTOKEN, if CSRFTOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header...
iCMS SQL Injection Vulnerability (CNVD-2018-14361)
iCMS is a content management system (CMS) built with PHP and MySQL databases. A SQL injection vulnerability exists in the spider.admincp.php file in iCMS version 7.0.8. A remote attacker can exploit this vulnerability by sending an app=spider&do=batch request with the 'id' parameter to the...
Cross-Site Request Forgery (CSRF)
An issue was discovered in AKCMS 6.1. CSRF can delete an article via an admincp deleteitem action to index.php...
CVE-2018-12583
An issue was discovered in AKCMS 6.1. CSRF can delete an article via an admincp deleteitem action to index.php...
CVE-2018-12583
AKCMS 6.1 is affected by a cross-site request forgery (CSRF) that can delete articles via the admincp deleteitem action to index.php. The vulnerability is described in CVE-2018-12583 and corroborated by CNVD-2018-14261 and related records, which state an attacker could exploit CSRF to delete arti...
CVE-2018-10250
iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixincategory action, aka a WeChat Classified Management keyword search...