EUVD-2025-36393

A security flaw has been discovered in Campcodes Retro Basketball Shoes Online Store 1.0. This affects an unknown part of the file /admin/adminfeature.php. Performing manipulation of the argument pid results in sql injection. The attack may be initiated remotely. The exploit has been released to...

EUVD-2013-6053

Malware in sbrugna...

CVE-2023-47327

The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL...

CVE-2020-28884

Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject Groovy script to execute any OS command on the Liferay Portal Sever. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to run groo...

PT-2018-5678 · Wondercms · Wondercms

Name of the Vulnerable Software and Affected Versions: WonderCMS version 2.3.1 Description: The application's input fields accept arbitrary user input, resulting in the execution of malicious JavaScript. It is noted that the vendor disputes this issue, stating it is a feature that enables only a...

CVE-2013-6224

Multiple cross-site scripting XSS vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via 1 a name in the call administrator feature, 2 unspecified vectors to the admins visitor information panel, or 3 a text message in a chat session, which i...