6 matches found
GHSA-3234-GXC3-PQ6F Pimcore Vulnerable to SQL Injection in Custom Reports Column Configuration
Summary: The columnConfigAction endpoint in the CustomReportsBundle is vulnerable to SQL injection. An attacker with the reportsconfig permission can supply a malicious SQL configuration that is concatenated into a query and executed. Although the application attempts to filter certain DDL/DML...
CVE-2010-5320
Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a configuration action to admin.php, (2) modify articles via an articles action to admin.php, or (3) modify...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a configuration action to admin.php, (2) modify articles via an articles action to admin.php, or (3) modify...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in SocialCMS 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrator accounts via a membernew action to myadmin/admin1members.php or (2) modify the default site title via a save action...
Cross site scripting
Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Email address field) in an edituser configuration action...
CVE-2012-1979
Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Email address field) in an edituser configuration action...