PT-2025-48385

Name of the Vulnerable Software and Affected Versions taosir WTCMS versions up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665 Description A security flaw exists in taosir WTCMS. The issue affects the check/uncheck/delete function within the...

CVE-2025-10122

A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be use...

CVE-2025-9444 1000projects Online Project Report Submission and Evaluation System delete_group_student.php sql injection

A vulnerability has been found in 1000projects Online Project Report Submission and Evaluation System 1.0. This issue affects some unknown processing of the file /admin/controller/deletegroupstudent.php. The manipulation of the argument batchid leads to sql injection. The attack can be initiated...

GravCMS 1.10.7 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GravCMS Remote Command Execution', 'Description' = %q This module exploits arbitrary config write/update vulnerability to achieve remote code...

Grav 安全漏洞

Grav is a scalable CMS Content Management System for personal blogs, small content publishing platforms, and one-page product displays. A security vulnerability exists in Grav that stems from the fact that an unauthenticated user can execute some methods of the administrator controller without...

PT-2021-14497 · Grav · Grav Admin Plugin

Name of the Vulnerable Software and Affected Versions: Grav Admin Plugin versions 1.10.7 and earlier Description: The issue allows an unauthenticated user to execute certain methods of the administrator controller without credentials, resulting in arbitrary YAML file creation or modification. Thi...