
18 matches found

Positive Technologies
added 2026/04/24 12:0 a.m. · 6 views

PT-2026-34835

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxy section save function in app/routes/config/routes.py. The server ip parameter, sourced from the URL path, is passed unsanitized throug...

CVSS 9.3 · AI score 6.2 · EPSS 0.00352
Exploits 1 · References 4

RedhatCVE
added 2025/05/23 3:4 a.m. · 3 views

CVE-2023-2055

A vulnerability has been found in Campcodes Advanced Online Voting System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/configsave.php. The manipulation of the argument title leads to cross site scripting. The attack can be initiated remotely. The...

CVSS 6.1 · AI score 5.9 · EPSS 0.00604
Exploits 1 · References 1

Positive Technologies
added 2024/09/20 12:0 a.m. · 3 views

PT-2024-27805 · Usvn · Usvn

Name of the Vulnerable Software and Affected Versions: User-friendly SVN USVN versions prior to 1.0.12 Description: The issue is related to improper input validation in the /admin/config/save endpoint, allowing administrators to execute arbitrary code via the fields siteTitle, siteIco, and...

CVSS 4.8 · AI score 7.6 · EPSS 0.00375
Exploits 0 · References 11

Vulnrichment
added 2024/09/20 12:0 a.m. · 10 views

CVE-2024-37879

Improper input validation in /admin/config/save in User-friendly SVN USVN before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLogo"...

AI score 7.8 · EPSS 0.00375
Exploits 0 · References 4

Positive Technologies
added 2024/08/20 12:0 a.m. · 4 views

PT-2024-30068 · Pligg Cms · Pligg Cms

Name of the Vulnerable Software and Affected Versions: Pligg CMS version 2.0.2 Description: A Cross-Site Request Forgery (CSRF) issue was discovered. The issue is related to the "/admin/admin config.php?action=save&var id=32" API endpoint. Recommendations: For Pligg CMS version 2.0.2, as a temporar...

CVSS 8.8 · AI score 6.8 · EPSS 0.00279
Exploits 1 · References 6

OSV
added 2024/04/12 9:41 p.m. · 25 views

CVE-2024-31462 Limited file write in Stable-diffusion-webui - GHSL-2024-010

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The createui method Backup/Restore tab in modules/uiextensions.py takes user input into the configsavenam...

CVSS 6.3 · AI score 6.8 · EPSS 0.0068
Exploits 0 · References 12

Positive Technologies
added 2024/04/12 12:0 a.m. · 3 views

PT-2024-24093 · Unknown · Stable-Diffusion-Webui

Name of the Vulnerable Software and Affected Versions: stable-diffusion-webui version 1.7.0 Description: The issue is related to a limited file write affecting Windows systems. It occurs in the create ui method Backup/Restore tab in modules/ui extensions.py, where user input is taken into the...

CVSS 6.3 · AI score 6.9 · EPSS 0.0068
Exploits 0 · References 14

CNNVD
added 2023/10/30 12:0 a.m. · 4 views

Frigate Cross-Site Request Forgery Vulnerability

Frigate is a complete local NVR designed for home assistants with AI object detection from the individual developer Blake Blackshear. A cross-site request forgery vulnerability exists in Frigate versions prior to 0.13.0 Beta 3, which stems from a cross-site request forgery (CSRF) vulnerability in t...

CVSS 7.5 · AI score 6.5 · EPSS 0.00393
Exploits 1 · References 6

BDU FSTEC
added 2023/09/19 12:0 a.m. · 4 views

The vulnerability of the User Creation Handler component of the /cgi-bin/jumpto.php?class=user&page=config_save&isphp=1 file in the C-DATA Web Management System allows a malicious individual to escalate their privileges.

The vulnerability of the User Creation Handler component in the /cgi-bin/jumpto.php?class=user&page=configsave&isphp=1 system of the C-DATA Web Management System is related to errors in managing access control. Exploiting this vulnerability could allow a malicious actor to increase their privileg...

CVSS 7.8 · AI score 7.2 · EPSS 0.00758
Exploits 1 · References 4 · Affected Software 1

CISA KEV Catalog
added 2023/06/29 12:0 a.m. · 20 views

D-Link DWL-2600AP Access Point Command Injection Vulnerability

D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=configsave configBackup or downloadServerip parameter...

CVSS 7.8 · AI score 7.6 · EPSS 0.96058
In wild · Exploits 3

CNNVD
added 2023/06/18 12:0 a.m. · 2 views

C-DATA Web Management System Access Control Error Vulnerability

C-DATA Web Management System is a web management system from China-based C-DATA Corporation. An access control error vulnerability exists in C-DATA Web Management System version 20230607 and earlier, which stems from a problem with the file /cgi-bin/jumpto.php?class=user&page=configsave&isphp=1,...

CVSS 7.5 · AI score 7.3 · EPSS 0.00758
Exploits 1 · References 4

BDU FSTEC
added 2023/05/17 12:0 a.m. · 5 views

The vulnerability of the configuration saving function in the web interface of D-Link DWL-2600AP wireless access points allows an intruder to execute arbitrary commands.

The vulnerability of the configuration saving function in D-Link DWL-2600AP wireless access points is related to the lack of measures taken to neutralize special elements used in the operating system’s processing of the commands admin.cgi?action=configsave and downloadServerip. Exploiting this...

CVSS 7.8 · AI score 7.9 · EPSS 0.96058
Exploits 3 · References 4 · Affected Software 1

OSV
added 2023/04/14 1:15 p.m. · 3 views

CVE-2023-2055

A vulnerability has been found in Campcodes Advanced Online Voting System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/configsave.php. The manipulation of the argument title leads to cross site scripting. The attack can be initiated remotely. The...

CVSS 6.1 · AI score 3.8 · EPSS 0.00604
Exploits 1 · References 3

Positive Technologies
added 2023/04/14 12:0 a.m. · 3 views

PT-2023-17455 · Unknown · Campcodes Advanced Online Voting System

Name of the Vulnerable Software and Affected Versions: Campcodes Advanced Online Voting System version 1.0 Description: A vulnerability has been found in the system, classified as problematic. It affects unknown code of the file /admin/config save.php. The manipulation of the title argument leads...

CVSS 6.1 · AI score 4.5 · EPSS 0.00604
Exploits 1 · References 6

CNNVD
added 2023/04/14 12:0 a.m. · 3 views

Campcodes Advanced Online Voting System Cross-Site Scripting Vulnerability

Campcodes Advanced Online Voting System is an online voting system. A cross-site scripting vulnerability exists in Campcodes Advanced Online Voting System v1.0. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the parameter title of the file...

CVSS 6.1 · AI score 6.2 · EPSS 0.00604
Exploits 1 · References 4

ATTACKERKB
added 2022/04/10 9:15 p.m. · 2 views

CVE-2022-27291

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formdumpeasysetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the config.savenetworkenabled parameter...

CVSS 7.5 · AI score 5.9 · EPSS 0.01407
Exploits 1 · References 3

CNNVD
added 2021/04/26 12:0 a.m. · 2 views

Cpanel Cross-Site Scripting Vulnerability

Cpanel is a set of Web-based automated colocation platform from Cpanel, Inc. in the United States. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in cPanel versions prior to 94.0.3. The vulnerability stems from saving...

CVSS 6.1 · AI score 5.3 · EPSS 0.00581
Exploits 0 · References 3

0day.today
added 2019/05/15 12:0 a.m. · 330 views

DLink DWL-2600AP - Multiple OS Command Injection Vulnerability

Exploit for hardware platform in category web applications Document Title: =============== D-Link DWL-2600AP - Authenticated OS Command Injection Restore Configuration Product & Service Introduction: =============================== The D-Link DWL-2600AP has a web interface for configuration. You...

AI score 7.4
Exploits 0