EUVD-2019-19900

SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attackers can send POST requests to /backend/backendtheme/editcss/ or /backend/backendtheme/editjs/ with...

CVE-2019-25577

SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attackers can send POST requests to /backend/backendtheme/editcss/ or /backend/backendtheme/editjs/ with...

CVE-2019-25577

SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attackers can send POST requests to /backend/backendtheme/editcss/ or /backend/backendtheme/editjs/ with...

CVE-2019-25577

SeoToaster Ecommerce 3.0.0 has a local file inclusion vulnerability that lets authenticated attackers read arbitrary files by manipulating path parameters in backend_theme endpoints. Specifically, POST requests to /backend/backend_theme/editcss/ or /backend/backend_theme/editjs/ with directory tr...

CVE-2019-25577 SeoToaster Ecommerce 3.0.0 Local File Inclusion via backend_theme

SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attackers can send POST requests to /backend/backendtheme/editcss/ or /backend/backendtheme/editjs/ with...

PT-2026-26925

SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attackers can send POST requests to /backend/backend theme/editcss/ or /backend/backend theme/editjs/ wi...

CVE-2024-39203

A cross-site scripting XSS vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2024-39203

A cross-site scripting XSS vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2024-39203

A cross-site scripting XSS vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

PT-2024-28385 · Z Blogphp · Z-Blogphp

Name of the Vulnerable Software and Affected Versions: Z-BlogPHP version 1.7.3 Description: A cross-site scripting XSS vulnerability in the Backend Theme Management module allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Recommendations: For Z-BlogPHP version 1.7.3...

CVE-2024-39203

A cross-site scripting XSS vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2024-39203

A cross-site scripting XSS vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

H+ backend theme UI framework has file upload vulnerability

H+ Backend Theme UI Framework is a fully responsive, flat theme developed based on the latest version of Bootstrap 3.3.6. A file upload vulnerability exists in the H+ Backend Theme UI Framework, which can be exploited by an attacker to gain control of the server...

SQL Injection Vulnerability in Dream CMS Backend Theme Management Service

Dream CMS lmxcms is developed using php language and mysql database, and adopts the mainstream MVC design model. A SQL injection vulnerability exists in the backend topic management system of Dream CMS. Attackers can use the vulnerability to obtain sensitive information in the database...

Five Fingers CMS 4.1.0 SQL Injection Vulnerability at Backend Theme Category Editor

Beijing Five Fingers Internet Technology Co., Ltd referred to as: Five Fingers Internet is a professional website content management system provider in China. FiveFingersCMS4.1.0 SQL injection vulnerability exists in the background theme category editor, attackers can use the vulnerability to...

SeoToaster Ecommerce CRM CMS 3.0.0 - Local File Inclusion

SeoToaster Ecommerce CRM CMS 3.0.0 - Local File Inclusion Exploit Title: SeoToaster Ecommerce 3.0.0 - Local File Inclusion Dork: N/A Date: 2019-01-17 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.seotoaster.com/shopping-cart/ Software Link:...