43612 matches found
CVE-2019-25575 SimplePress CMS 1.0.7 SQL Injection via p and s Parameters
SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information...
CVE-2019-25574
Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the themename parameter in the themeexporthandle action or supply base64-encoded file paths to...
CVE-2019-25574 Green CMS 2.x Path Traversal Arbitrary File Download
Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the themename parameter in the themeexporthandle action or supply base64-encoded file paths to...
CVE-2019-25574
CVE-2019-25574 affects Green CMS 2.x. The vulnerability is a path traversal flaw that enables authenticated attackers to download arbitrary files or directories. Attackers can exploit the themeexporthandle action by injecting directory traversal sequences into the theme_name parameter, or use bas...
CVE-2019-25573 Green CMS 2.x SQL Injection via cat Parameter
Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...
CVE-2019-25573
Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...
CVE-2019-25573 Green CMS 2.x SQL Injection via cat Parameter
Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...
CVE-2019-25573
CVE-2019-25573 concerns Green CMS 2.x, where an SQL injection vulnerability exists in the cat parameter. The flaw can be exploited by an authenticated attacker who sends a GET request to index.php with m=admin, c=posts, a=index and injects SQL code through the cat parameter, enabling manipulation...
Malicious code in cms-catalogue (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d08a53064a76469a8b5ab4afdb3aa2907127f26f98ac8255e3ae650f8ce5d1ba The package cms-catalogue was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2011 Malicious code in cms-catalogue (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d08a53064a76469a8b5ab4afdb3aa2907127f26f98ac8255e3ae650f8ce5d1ba The package cms-catalogue was found to contain malicious code. Source: ossf-package-analysis...
CVE-2026-4509
A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black results in incomplete blacklist. The attack may be launched remotely. The exploit has been release...
Privilege Escalation
Craft CMS is vulnerable to Privilege Escalation. The vulnerability is due to improper authorization checks in the UsersController-actionImpersonateWithToken functionality, which allows an attacker to abuse shared or low-privileged access to gain administrative privileges...
CVE-2026-3334
The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'orblogname', 'orblogdescription', and 'oradminemail' parameters in all versions up to, and including, 2.288. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on th...
CVE-2026-3334 CMS Commander <= 2.288 - Authenticated (Custom+) SQL Injection via 'or_blogname' Parameter
The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'orblogname', 'orblogdescription', and 'oradminemail' parameters in all versions up to, and including, 2.288. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on th...
CVE-2026-3334
The CVE-2026-3334 entry concerns the WordPress CMS Commander plugin. Affected software: CMS Commander plugin for WordPress (up to version 2.288). Vulnerability: SQL Injection via the parameters or_blogname, or_blogdescription, and or_admin_email, caused by insufficient escaping of user input and ...
CVE-2026-3334 CMS Commander <= 2.288 - Authenticated (Custom+) SQL Injection via 'or_blogname' Parameter
The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'orblogname', 'orblogdescription', and 'oradminemail' parameters in all versions up to, and including, 2.288. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on th...
PT-2026-26922
Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the theme name parameter in the themeexporthandle action or supply base64-encoded file paths t...
WordPress plugin Tour & Activity Operator Plugin for TourCMS 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-26921
Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...
phpTransformer 路径遍历漏洞
phpTransformer is a content management system developed by the Lebanese company phpTransformer. The version 2016.9 of phpTransformer has a path traversal vulnerability. This vulnerability stems from an SQL injection vulnerability in the idnews parameter, which could allow remote attackers to...