19 matches found
EUVD-2020-23982
Malware in sbrugna...
EUVD-2025-30874
Malicious code in bioql PyPI...
CVE-2025-48492
GetSimple CMS is affected in versions 3.3.16–3.3.21. An authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution (RCE). The issue is mitigated by upgrading to version 3.3.22, w...
CVE-2025-48492 GetSimple CMS RCE in Edit component
GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution RCE. This issue is set to ...
PT-2025-23259 · Unknown · Getsimple Cms
Name of the Vulnerable Software and Affected Versions: GetSimple CMS versions 3.3.16 through 3.3.21 Description: The issue allows an authenticated user with access to the Edit component to inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Co...
CVE-2022-44140
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component...
CVE-2022-28016
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\deductionedit.php...
CVE-2025-45611
Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request...
CVE-2023-43233
A stored cross-site scripting XSS vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter...
CVE-2023-43233
A stored cross-site scripting XSS vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter...
CVE-2023-43233
A stored cross-site scripting XSS vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter...
PT-2023-28739 · Yzncms · Yzncms
Name of the Vulnerable Software and Affected Versions: YZNCMS version 1.3.0 Description: A stored cross-site scripting XSS issue in the cms/content/edit component allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter. This enables...
nadesiko3 安全漏洞
nadesiko3 is a Japanese programming language by the individual developer of kujirahand. A security vulnerability exists in nadesiko3 PC version v3.3.74 and earlier versions, which stems from an exception check or mishandling in the component Nako3edit, and can be exploited by an attacker to injec...
CVE-2022-37679
Miniblog.Core v1.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field...
CVE-2022-28013
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\scheduleemployeeedit.php...
CVE-2022-28016
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\deductionedit.php...
CVE-2022-28017
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\overtimeedit.php...
CVE-2022-28019
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\employeeedit.php...
CVE-2020-36496
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the component sysadminuseredit.php via the filename, mid, userid, and templet' parameters...