15 matches found
CVE-2026-30452
CVE-2026-30452 affects Textpattern CMS 4.9.0. A Broken Access Control flaw in the article management workflow lets authenticated users with low privileges modify articles owned by higher-privilege users. By altering the article ID parameter during the duplicate-and-save process in textpattern/inc...
CVE-2024-44839
RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the articleid parameter at /default/article.php...
paicoding security vulnerability
paicoding is an open source community system for itwanger individual developers. A security vulnerability exists in paicoding version 1.0.3, which stems from improper authorization due to misuse of the parameter articleId in the file /article/api/post...
Improper Access Control
Overview: publifycore is a core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Improper Access Control where a low-privileged user can modify and delete admin articles by changing the value of the articleid parameter. Remediation...
PT-2022-14130 · Publify · Publify
Name of the Vulnerable Software and Affected Versions: publify/publify versions prior to 9.2.9 Description: The issue allows a low-privileged user to bypass authorization and access sensitive information by manipulating a user-controlled key. Specifically, this can be achieved by modifying the...
WordPress plugin PostX Gutenberg Blocks Saved Templates Addon security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin PostX...
CVE-2018-20589
Ivan Cordoba Generic Content Management System CMS through 2018-04-28 has XSS via the Administrator/addpictures.php article ID...
pantamusik.com XSS vulnerability
Open Bug Bounty ID: OBB-442008

Description | Value
---|---
Affected Website: | pantamusik.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat...
ZeroCMS 1.0 - 'zero_transact_article.php' SQL Injection
ZeroCMS v1.0 SQL Injection Vulnerability (zero_transact_article.php article_id POST parameter). Vendor: Another Awesome Stuff. Product web page: http://www.aas9.in/zerocms. Affected version: 1.0. Severity: High. CWE: 89 - http://cwe.mitre.org/data/definitions/89.html. CVE: CVE-2014-4194. Date: 20/06/2014...
ZeroCMS 1.0 (article_id) SQL Injection Vulnerability
Summary: ZeroCMS is a very simple Content Management System built using PHP and MySQL. Description: Input passed via the 'article_id' GET parameter to zeroviewarticle.php script is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) article-id parameter in conjunction with a /admin/news/article/list PATH_INFO; the (3) keyword parameter in conjunction...
PT-2010-1972 · Joomlabamboo +1 · Joomlabamboo Simpla Admin Template +1
Name of the Vulnerable Software and Affected Versions: JoomlaBamboo JB Simpla Admin template for Joomla (affected versions not specified). Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to the com_content...
VanGogh Web CMS 0.9 - article_ID SQL Injection
VanGogh Web CMS 0.9 - article_ID SQL Injection. VanGogh Web CMS article_ID Remote SQL Injection Vulnerability...
Mac OS X kernel "fpathconf()" syscall fails to properly handle unknown file types
Overview: A vulnerability in the Mac OS X kernel could allow an authenticated local attacker to cause a denial of service. Description: The fpathconf system call provides a method for applications to determine the current value of a configurable system limit or option variable associated with a fil...