20 matches found
CVE-2022-23872
Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footerinfo...
EUVD-2022-28797
Malicious code in bioql PyPI...
PHPMemcachedAdmin Cross-Site Scripting Vulnerability
PHPMemcachedAdmin is a graphical standalone administration tool for memcached by Cyrille Mahieux, an individual developer. A cross-site scripting vulnerability exists in PHPMemcachedAdmin version 1.3.0 due to improper encoding of user-controlled input in the "/pmcadmin/configure.php" parameter...
CVE-2022-23872
Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footerinfo...
Cross site scripting
Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footerinfo...
CVE-2022-23872
Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footerinfo...
osCommerce 2.3.4.1 - Remote Code Execution (2)
Exploit Title: osCommerce 2.3.4.1 - Remote Code Execution (2) Vulnerability: Remote Command Execution when /install directory wasn't removed by the admin Exploit: Exploiting the install.php finish process by injecting php payload into the dbdatabase parameter & read the system command output from...
osCommerce 2.3.4.1 - Remote Code Execution Exploit (2)
Exploit Title: osCommerce 2.3.4.1 - Remote Code Execution (2) Vulnerability: Remote Command Execution when /install directory wasn't removed by the admin Exploit: Exploiting the install.php finish process by injecting php payload into the dbdatabase parameter & read the system command output from...
phpATM 1.32 - Multiple Vulnerabilities
phpATM 1.32 - Multiple Vulnerabilities Exploit Title : "phpATM = 1.32 Multiple CSRF Vulnerabilities & Full Path Disclosure Vulnerability" Date : 17/06/2016 Author : Paolo Massenio - pmassenioATgmail Vendor : phpATM - http://phpatm.org/ Version : = 1.32 Tested on : Windows 10 with XAMPP 1 CSRF...
phpATM 1.32 - Multiple Vulnerabilities
Exploit Title : "phpATM = 1.32 Multiple CSRF Vulnerabilities & Full Path Disclosure Vulnerability" Date : 17/06/2016 Author : Paolo Massenio - pmassenioATgmail Vendor : phpATM - http://phpatm.org/ Version : = 1.32 Tested on : Windows 10 with XAMPP 1 CSRF in configure.php phpATM lets the...
Oscommerce Online Merchant 2.2 - File Disclosure And Admin ByPass
No description provided by source. Oscommerce Online Merchant v2.2 File Disclosure And Admin ByPass Author : Flyff666 Date : May, 30, 2010 Location : Tangerang, Indonesia Time Zone : GMT +7:00 Software :...
CVE-2010-1542
DFD Cart contains CSRF vulnerabilities in admin/configure.php affecting versions 1.198, 1.197 and earlier. The issue allows remote attackers to hijack administrator sessions to perform (1) XSS actions or (2) changes to unspecified settings. Root cause is cross-site request forgery in admin configu...
CVE-2009-1508
SQL injection vulnerability in the xforum_validateUser function in Common.php in X-Forum 0.6.2 allows remote attackers to execute arbitrary SQL commands, as demonstrated via the cookie_username parameter to Configure.php...
CVE-2009-1508
CVE-2009-1508 affects X-Forum 0.6.2. The vulnerability is an SQL injection in the function xforum_validateUser in Common.php, allowing remote attackers to execute arbitrary SQL commands via the cookie_username parameter to Configure.php. The NVD entry and related records confirm the issue and im...
CVE-2008-4600
CVE-2008-4600 affects PokerMax Poker League Tournament Script 0.13. The flaw allows remote attackers to bypass authentication and gain administrative access by setting the ValidUserAdmin cookie in configure.php. Base CVSS2 score 7.5 (NETWORK, low complexity, no user interaction). No remediation d...
CVE-2007-0591
CVE-2007-0591 describes a PHP remote file inclusion in Vu Le An Virtual Path (VirtualPath) 1.0. The vulnerability occurs in configure.php via the phpbb_root_path parameter, enabling remote PHP code execution. Documents do not specify affected versions beyond 1.0, impact details beyond the describ...
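Virtual Path PHPBB Module configure.php Remote File Inclusion Vulnerability
Virtual Path is a PHP-based web application. Virtual Path does not properly filter user-supplied input, so a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web server. The problem is that the 'Configure.PHP' script does not filter the user-supplied 'phpbb_root_path' parameter; specifying a file on a remote server as the include parameter can lead to arbitrary command execution with the privileges of the web server. Virtual Path 1.0 No solution is currently available: http://sourceforge.net/project/showfiles.php?groupid=143240...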
Virtual Path 1.0 (vp/configure.php) Remote File Include Vulnerability
No description provided by source. Virtual Path phpBB == v1.0 Download S :http://sourceforge.net/projects/virtualpath/ ...
Virtual Path 1.0 (vp/configure.php) Remote File Include Vulnerability
Exploit for unknown platform in category web applications Virtual Path 1.0 vp/configure.php Remote File Include Vulnerability ...
CVE-2006-4749
CVE-2006-4749 describes multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 and earlier. The flaw allows remote attackers to execute arbitrary PHP code via the include_location parameter in files including activate.php, configure.php, fileop.php, geti...