Cross-site request forgery (CSRF)
S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040...
CVE-2019-10237
CVE-2019-10237 affects S-CMS PHP v1.0 and is a CSRF vulnerability that allows adding a new admin user via the URI 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0. The issue is linked to CVE-2019-9040 and reiterates a cross-site request forgery risk in the admin creation flow. Connected Red ...
CVE-2019-9925
S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter...
Design/Logic Flaw
S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter...
CVE-2019-9925
CVE-2019-9925 affects S-CMS PHP v1.0, with a reflected XSS in the 4.edu.php page via the S_id parameter. Multiple sources (NVD, Red Hat, CNVD, CVE lists) describe a cross-site scripting flaw in S-CMS PHP 1.0 that allows an attacker to execute client-side code by injecting crafted input, typically...
CVE-2019-9040
S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332...
CVE-2019-9040
CVE-2019-9040 affects S-CMS PHP v3.0, reporting a CSRF flaw that allows adding a new admin user via the admin/ajax.php?type=admin&action=add URI (related to CVE-2018-19332). The connected Red Hat/PRION/NVD entries confirm the same vector: CSRF enabling admin user creation. The root cause is impro...
CVE-2018-20773
Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines...
CVE-2018-20772
Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI...
S-CMS PHP SQL Injection Vulnerability
S-CMS PHP is a content management system (CMS) based on PHP and MySQL. A SQL injection vulnerability exists in the member/membernews.php file in S-CMS PHP version 1.0, which remote attackers can exploit to execute SQL commands via the 'type' parameter...
CVE-2018-18887
S-CMS PHP 1.0 has SQL injection in member/membernews.php via the type parameter (aka the $Ntype field)...
SQL injection
S-CMS PHP 1.0 has SQL injection in member/membernews.php via the type parameter (aka the $Ntype field)...
Lepton 2.2.2 Stable CSRF / Open Redirect / Password Handling Vulnerabilities
Lepton version 2.2.2 Stable suffers from password handling, insecure bruteforce protection, cross site request forgery, and open redirection vulnerabilities. 1. Introduction. Affected Product: LEPTON 2.2.2 stable. Fixed in: 2.3.0. Fixed Version Link: http://www.lepton-cms.org/posts/...
Lepton 2.2.2 Stable SQL Injection Vulnerability
Lepton version 2.2.2 Stable suffers from remote SQL injection vulnerabilities. 1. Introduction. Affected Product: LEPTON 2.2.2 stable. Fixed in: 2.3.0. Fixed Version Link: http://www.lepton-cms.org/posts/important-lepton-2.3.0-101.php. Vendor Website: http://www.lepton-cms.org/. Vulnerability Type: S...
dacios CMS 1.08 - Cross-Site Scripting SQL Injection File Disclosure
XORON 2009C. Dacio's PHP scripts CMS v1.08 Remote SQL Injection Vuln. ...
CVE-2007-1977
Cross-site scripting (XSS) vulnerability in indexcms.php in holaCMS 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter...