23 matches found
Craft CMS has a Missing Authorization Check on User Group Removal via save-permissions Action
Summary The actionSavePermissions endpoint allows a user with only viewUsers permission to remove arbitrary users from all user groups. While saveUserGroups enforces per-group authorization for additions, it performs no equivalent authorization check for removals, so submitting an empty groups...
CVE-2018-12250
An issue was discovered in Elite CMS Pro 2.01. In /admin/addsidebar.php, the ?page= parameter is vulnerable to SQL injection...
EUVD-2018-4228
Malware in sbrugna...
EUVD-2008-3143
Malware in sbrugna...
EUVD-2021-15700
Malware in sbrugna...
Elite CMS Pro 2.01 SQL Injection
====================================================================================================================================== | Title : Elite CMS Pro V2.01 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-b...
CMS-pro 5.0 SQL Injection
====================================================================================================================================== | Title : ِCMS-pro v.5.0 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor : https://Wojoscripts.com | | Dor...
CVE-2021-29054
Certain Papoo products are affected by: Cross Site Request Forgery CSRF in the admin interface. This affects Papoo CMS Light through 21.02 and Papoo CMS Pro through 6.0.1. The impact is: gain privileges remote...
CVE-2021-29054
Certain Papoo products are affected by: Cross Site Request Forgery CSRF in the admin interface. This affects Papoo CMS Light through 21.02 and Papoo CMS Pro through 6.0.1. The impact is: gain privileges remote...
CVE-2018-12250
An issue was discovered in Elite CMS Pro 2.01. In /admin/addsidebar.php, the ?page= parameter is vulnerable to SQL injection...
CVE-2018-12250
An issue was discovered in Elite CMS Pro 2.01. In /admin/addsidebar.php, the ?page= parameter is vulnerable to SQL injection...
Sql injection
An issue was discovered in Elite CMS Pro 2.01. In /admin/addsidebar.php, the ?page= parameter is vulnerable to SQL injection...
CVE-2018-12250
An issue was discovered in Elite CMS Pro 2.01. In /admin/addsidebar.php, the ?page= parameter is vulnerable to SQL injection...
CVE-2018-12250
Summary of vulnerability (CVE-2018-12250) : Multiple sources confirm a SQL injection flaw in Elite CMS Pro 2.01, specifically in the /admin/add_sidebar.php file via the vulnerable ?page= parameter. The issue is described as allowing the execution of arbitrary SQL commands, with the potential for ...
Ferdows CMS Pro <= 1.1.0 - Multiple Vulnerabilities
No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: Ferdows CMS Pro =1.1.0 Multiple Vulnerabilities Vendor: www.fcms.ir Exploit: Available Vulnerable Version: 1.1.0 Pro Impact: Medium Original Advisory: http://www.bugreport.ir/index77.htm Fix: N/A 1...
Pulse CMS Basic - Local File Inclusion
'Pulse CMS Basic' Local File Inclusion Vulnerability CVE-2010-4330 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in the 'includes/controller.php' script that allows for arbitrary local file inclusion due to a null-byte...
CVE-2008-3153
SQL injection vulnerability in Triton CMS Pro allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header...
Sql injection
SQL injection vulnerability in Triton CMS Pro allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header...
CVE-2008-3153
SQL injection vulnerability in Triton CMS Pro allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header...
CVE-2008-3153
CVE-2008-3153 affects Triton CMS Pro, with a SQL injection vulnerability exploitable via the X-Forwarded-For HTTP header. The available documents identify the vulnerability class and entry but do not specify affected versions, root cause details beyond “SQL injection,” or concrete remediation ste...