
1339 matches found

OSV
added 2022/05/03 2:15 p.m. | 17 views

CVE-2022-28590

A Remote Code Execution RCE vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=installtheme...

7.2 CVSS | 7.5 AI score
Exploits: 0 | References: 1
Prion
added 2022/05/03 2:15 p.m. | 14 views

Remote code execution

A Remote Code Execution RCE vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=installtheme...

6.5 CVSS | 7.2 AI score | 0.24028 EPSS
Exploits: 2 | References: 1 | Affected Software: 1
CVE
added 2022/05/03 1:57 p.m. | 77 views

CVE-2022-28590

CVE-2022-28590 affects Pixelimity 1.0. The vulnerability enables remote code execution via admin/admin-ajax.php?action=install_theme. Multiple sources describe an arbitrary file upload path that can lead to code execution, with public PoC showing webshell upload to facilitate further access. The ...

7.2 CVSS | 7.2 AI score | 0.24028 EPSS
Exploits: 2 | References: 1 | Affected Software: 1
Cvelist
added 2022/05/03 1:57 p.m. | 21 views

CVE-2022-28590

A Remote Code Execution RCE vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=installtheme...

7.5 AI score | 0.24028 EPSS
Exploits: 2 | References: 1
OSV
added 2022/04/23 12:40 a.m. | 4 views

GHSA-9JQ2-JVWC-P52F Contao core SQL Injection Vulnerability

Contao core prior to 2.11.4 has a SQL injection vulnerability in contao-2.11.3\system\modules\backend\Ajax.php...

8.8 CVSS | 7.7 AI score | 0.00919 EPSS
Exploits: 0 | References: 5
Github Security Blog
added 2022/04/23 12:40 a.m. | 18 views

Contao core SQL Injection Vulnerability

Contao core prior to 2.11.4 has a SQL injection vulnerability in contao-2.11.3\system\modules\backend\Ajax.php...

8.8 CVSS | 7.7 AI score | 0.00919 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
CNVD
added 2022/04/12 12:0 a.m. | 24 views

zbzcms SQL Injection Vulnerability (CNVD-2022-30430)

zbzcms Station Helper CMS is a content management website of China Station Helper CMS zbzcms Inc. zbzcms version 1.0 has a SQL injection vulnerability, which originates from a SQL injection vulnerability found through the id parameter of /php/ajax.php. No detailed vulnerability details are...

6.5 CVSS | 2.2 AI score | 0.00677 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2022/04/10 9:15 p.m. | 4 views

CVE-2022-27129

An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file...

9.8 CVSS | 6.2 AI score | 0.01465 EPSS
Exploits: 0 | References: 2
NVD
added 2022/04/10 9:15 p.m. | 12 views

CVE-2022-27125

zbzcms v1.0 was discovered to contain a stored cross-site scripting XSS vulnerability via the neirong parameter at /php/ajax.php...

6.1 CVSS | 0.00591 EPSS
Exploits: 0 | References: 1
Prion
added 2022/04/10 9:15 p.m. | 16 views

Design/Logic Flaw

An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file...

7.5 CVSS | 9.6 AI score | 0.01465 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2022/04/10 8:24 p.m. | 77 views

CVE-2022-27125

CVE-2022-27125 affects zbzcms v1.0, with a stored cross-site scripting (XSS) vulnerability exploitable via the neirong parameter in /php/ajax.php. The NVD entry lists potential impact as partial integrity and low confidentiality, with CVSSv3.1 base score 6.1 (NETWORK, LOW ATTACK COMPLEXITY, USER ...

6.1 CVSS | 6 AI score | 0.00591 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2022/04/10 8:24 p.m. | 15 views

CVE-2022-27125

zbzcms v1.0 was discovered to contain a stored cross-site scripting XSS vulnerability via the neirong parameter at /php/ajax.php...

6.2 AI score | 0.00591 EPSS
Exploits: 0 | References: 1
Cvelist
added 2022/04/10 8:24 p.m. | 17 views

CVE-2022-27127

zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php...

7 AI score | 0.00677 EPSS
Exploits: 0 | References: 1
CVE
added 2022/04/10 8:24 p.m. | 85 views

CVE-2022-27129

CVE-2022-27129 affects zbzcms v1.0, where an arbitrary file upload vulnerability in /admin/ajax.php can be exploited to execute arbitrary PHP code via a crafted file. The issue enables remote code execution with no authentication and minimal prerequisites, as indicated by the associated CVSS data...

9.8 CVSS | 9.5 AI score | 0.01465 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
wpexploit
added 2022/04/04 12:0 a.m. | 79 views

Menubar < 5.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting " /...

5.4 CVSS | 0.6 AI score | 0.0058 EPSS
Exploits: 2
0day.today
added 2022/03/30 12:0 a.m. | 240 views

WordPress Easy Cookie Policy 1.6.2 Plugin - Broken Access Control to Stored XSS Vulnerability

Exploit Title: WordPress Plugin Easy Cookie Policy 1.6.2 - Broken Access Control to Stored XSS Author: 0xB9 Software Link: https://wordpress.org/plugins/easy-cookies-policy/ Version: 1.6.2 Tested on: Windows 10 CVE: CVE-2021-24405 1. Description: Broken access control allows any authenticated use...

6.5 CVSS | 0.4 AI score | 0.10993 EPSS
Exploits: 5
Packet Storm
added 2022/03/30 12:0 a.m. | 260 views

WordPress Easy Cookie Policy 1.6.2 Cross Site Scripting

Exploit Title: WordPress Plugin Easy Cookie Policy 1.6.2 - Broken Access Control to Stored XSS Date: 2/27/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/easy-cookies-policy/ Version: 1.6.2 Tested on: Windows 10 CVE: CVE-2021-24405 1. Description: Broken access control allows any...

6.5 CVSS | 0.2 AI score | 0.10993 EPSS
Exploits: 5
wpexploit
added 2022/03/29 12:0 a.m. | 136 views

Advanced Page Visit Counter < 6.1.6 - Subscriber+ Blind SQL injection

The plugin does not escape the artID parameter before using it in a SQL statement in the apvcresetcountart AJAX action, available to any authenticated user, leading to a SQL injection v = 5.0.8 - https://example.com/wp-admin/admin-ajax.php?action=apvcresetcountart&artID=sleep10 v 6.1.6 -...

8.8 CVSS | 1.9 AI score | 0.01341 EPSS
Exploits: 2
OSV
added 2022/03/18 5:49 p.m. | 18 views

GHSA-W4F3-7F7C-X652 SQL Injection in tribalsystems/zenario

SQL Injection in Tribalsystems Zenario CMS 8.8.52729 and prior allows remote attackers to access the database or delete the plugin. This is accomplished via the ID input field of ajax.php in the Pugin library - delete module...

9.1 CVSS | 9.6 AI score | 0.04572 EPSS
Exploits: 1 | References: 5
wpexploit
added 2022/03/16 12:0 a.m. | 121 views

LearnPress < 4.1.6 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the lp-dismiss-notice before outputting it back via the lpbackgroundsingleemail AJAX action, leading to a Reflected Cross-Site Scripting...

6.1 CVSS | 1.7 AI score | 0.02254 EPSS
Exploits: 2