59 matches found
Design/Logic Flaw
joyplus-cms 1.6.0 has XSS via the manager/adminajax.php cansearchdevice array parameter...
CVE-2018-9174
sysverifies.php in DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the refiles array parameter, because the contents of modifytmp.inc are under an attacker's control...
CVE-2018-7579
\application\admin\controller\updateurls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/updateurls/updatecategoryurl.html...
CVE-2018-6883
Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator...
SQL injection
Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator...
SQL injection
SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter...
CVE-2018-5974
SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter...
SQL injection
SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter...
SQL injection
SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter...
CVE-2018-6357
The acxasmwsaveordercallback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant socialwidgeticonarrayorder XSS...
CVE-2017-15188
A persistent stored XSS vulnerability in the EyesOfNetwork web interface aka eonweb 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admindevice/index.php...
CVE-2017-14405
The EyesOfNetwork web interface aka eonweb 5.1-0 allows remote command execution via shell metacharacters in a hostscacti array parameter to module/admindevice/index.php...
CVE-2017-14069
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php...
CVE-2017-11736
SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter...
SQL injection
SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the filters array parameter, exploitable by a privileged account...