99 matches found
CVE-2022-23513 Pi-Hole/AdminLTE vulnerable due to improper access control in queryads endpoint
Pi-hole is a network-wide ad blocker that runs on your own Linux hardware; AdminLTE is a Pi-hole dashboard for stats and more. In an attack, the threat actor gains the ability to perform an unauthorized query for blocked domains on the queryads endpoint. In the case of application, this...
CVE-2022-43030
Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. SIYUCMS is a content management system based on ThinkPHP5 and AdminLTE. SIYUCMS has a background command execution vulnerability, which can be used by attackers to gain server privileges...
Design/Logic Flaw
Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. SIYUCMS is a content management system based on ThinkPHP5 and AdminLTE. SIYUCMS has a background command execution vulnerability, which can be used by attackers to gain server privileges...
SIYUCMS Security Vulnerability
SIYUCMS is a content management system based on ThinkPHP+AdminLTE. SIYUCMS suffers from a remote code execution vulnerability that can be exploited by an attacker to gain server privileges...
CVE-2022-43030
CVE-2022-43030 affects Siyucms v6.1.7, a ThinkPHP5 and AdminLTE-based CMS, with a remote code execution vulnerability in the background command execution path. Exploitation could allow an attacker to gain server privileges (CVE entry level: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H; base score 7.2). The av...
CVE-2022-31029
AdminLTE is a Pi-hole Dashboard for stats and configuration. In affected versions, inserting code like alert("XSS") in the field marked with "Domain to look for" and hitting enter or clicking on any of the buttons will execute the script. The user must be logged in to use this vulnerability. Usually...
Code injection
AdminLTE is a Pi-hole Dashboard for stats and configuration. In affected versions, inserting code like alert("XSS") in the field marked with "Domain to look for" and hitting enter or clicking on any of the buttons will execute the script. The user must be logged in to use this vulnerability. Usually...
CVE-2022-31029
CVE-2022-31029 affects Pi-hole’s AdminLTE Web Interface (Pi-hole AdminLTE). The vulnerability is an authenticated cross-site scripting (XSS) issue in the AdminLTE UI, specifically when a user with login access enters code like into the field labeled “Domain to look for,” then triggers action (pr...
CVE-2022-31029 Authenticated XSS in Pi-hole AdminLTE
AdminLTE is a Pi-hole Dashboard for stats and configuration. In affected versions, inserting code like alert("XSS") in the field marked with "Domain to look for" and hitting enter or clicking on any of the buttons will execute the script. The user must be logged in to use this vulnerability. Usually...
PT-2022-20473 · Adminlte · Adminlte
Name of the Vulnerable Software and Affected Versions: AdminLTE (affected versions not specified). Description: The issue allows an attacker to execute scripts by inserting malicious code, such as alert("XSS"), into the "Domain to look for" field and then triggering the execution by hitting enter or...
Pi-hole Cross-Site Scripting Vulnerability
Pi-hole is a network-wide ad-blocking application from Pi-hole, Inc. A cross-site scripting vulnerability exists in Pi-hole AdminLTE v5.12 and earlier versions, located in scripts/pi-hole/php/queryads.php...
Pi-Hole AdminLTE Remote Code Execution Vulnerability
Pi-hole Web v4.3.2 aka AdminLTE allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease...
Sourcecodester Online Event Booking and Reservation System HTML Injection Vulnerability
Sourcecodester Online Event Booking and Reservation System is developed using PHP, MySQL database, HTML, CSS, JavaScript, Bootstrap and AdminLTE. The system can be accessed by three types of users, namely system administrators, students and teachers. Sourcecodester Online Event Booking and...
Sourcecodester Online Event Booking and Reservation System SQL Injection Vulnerability
Sourcecodester Online Event Booking and Reservation System is developed using PHP, MySQL database, HTML, CSS, JavaScript, Bootstrap and AdminLTE. The system can be accessed by three types of users, namely system administrators, students, and instructors. Sourcecodester Online Event Booking and...
Sourcecodester Online Event Booking and Reservation System Cross-Site Scripting Vulnerability
Sourcecodester Online Event Booking and Reservation System is developed using PHP, MySQL database, HTML, CSS, JavaScript, Bootstrap and AdminLTE. The system can be accessed by 3 types of users, namely system administrators, students and faculty. Sourcecodester Online Event Booking and Reservation...