PT-2026-42573

Name of the Vulnerable Software and Affected Versions Concrete CMS versions 9.0.0 through 9.4.x Description Cross Site Request Forgery CSRF occurs at the 'concrete/controllers/backend/file' endpoint within the removeFavoriteFolder$id function. CSRF is a flaw that allows an attacker to induce a us...

CVE-2026-30662

ConcreteCMS v9.4.7 contains a Denial of Service DoS vulnerability in the File Manager component. The 'download' method in 'concrete/controllers/backend/file.php' improperly manages memory when creating zip archives. It uses 'ZipArchive::addFromString' combined with 'filegetcontents', which loads...

CVE-2026-4514 PbootCMS Backend UserController.php access control

A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality of the file apps/admin/controller/system/UserController.php of the component Backend. Executing a manipulation of the argument Field can lead to improper access controls. The attack may be perform...

CVE-2025-14966

A vulnerability was determined in FastAdmin up to 1.7.0.20250506. Affected is the function selectpage of the file application/common/controller/Backend.php of the component Backend Controller. Executing a manipulation of the argument custom/searchField can lead to sql injection. It is possible to...

EUVD-2025-204610

A vulnerability was determined in FastAdmin up to 1.7.0.20250506. Affected is the function selectpage of the file application/common/controller/Backend.php of the component Backend Controller. Executing manipulation of the argument custom/searchField can lead to sql injection. It is possible to...

CVE-2025-14966 FastAdmin Backend Controller Backend.php selectpage sql injection

A vulnerability was determined in FastAdmin up to 1.7.0.20250506. Affected is the function selectpage of the file application/common/controller/Backend.php of the component Backend Controller. Executing a manipulation of the argument custom/searchField can lead to sql injection. It is possible to...

CVE-2025-14966 FastAdmin Backend Controller Backend.php selectpage sql injection

A vulnerability was determined in FastAdmin up to 1.7.0.20250506. Affected is the function selectpage of the file application/common/controller/Backend.php of the component Backend Controller. Executing a manipulation of the argument custom/searchField can lead to sql injection. It is possible to...

CVE-2025-14966

FastAdmin vulnerability (CVE-2025-14966) affects FastAdmin up to version 1.7.0.20250506. The issue is in Backend Controller’s selectpage function (application/common/controller/Backend.php) where manipulating the custom/searchField parameter can trigger an SQL injection. It can be exploited remot...

PT-2025-52509

Name of the Vulnerable Software and Affected Versions FastAdmin versions prior to 1.7.0.20250506 Description A flaw exists in FastAdmin up to version 1.7.0.20250506. The issue is located within the selectpage function of the Backend.php file in the Backend Controller component. Manipulation of th...

FastAdmin SQL注入漏洞

FastAdmin is a set of web backend development framework based on ThinkPHP and Bootstrap by Karson's personal developer. FastAdmin 1.7.0.20250506 and earlier versions exist SQL injection vulnerability, the vulnerability stems from the application/common/controller/Backend.php file...

EUVD-2018-6855

Malware in sbrugna...

CVE-2024-48231

Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \backend\controller\auth\Auth.php...

CVE-2022-28058

Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\filecontroller.php...

GHSA-J9WP-X5Q5-XH2F Funadmin Cross-site Scripting vulnerability

An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting XSS...

GHSA-2MV8-JJM5-F3HR SQL injection in funadmin

funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php...

CVE-2024-48230

funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php...

CVE-2024-48230

funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php...

ShopWind 路径遍历漏洞

ShopWind is a B2B2C, O2O industry e-commerce system software based on the Yii2.0 framework deeply reconstructed by China ShopWind. You can easily create and publish your own brand of professional e-commerce platform for a full range of branding and product promotion. ShopWind v3.4.2 version and t...

CVE-2019-17612

An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&c=Ad&a=category sort parameter...

CVE-2018-14972

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/down.php has XSS...