
313 matches found

CNNVD
added 2021/04/28 12:0 a.m. · 3 views

MiniCMS Cross-Site Scripting Vulnerability

MiniCMS is a content management system (CMS) designed for personal websites. A security vulnerability exists in MiniCMS v1.10 that allows remote attackers to execute arbitrary code by sending a crafted HTTP request injection command to the component "mc-admin post-edit.php"...

CVSS 6.1 · AI score 6.8 · EPSS 0.01605
Exploits: 1 · References: 2

Prion
added 2021/01/19 2:15 p.m. · 15 views

Cross-site request forgery (CSRF)

A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users...

CVSS 6.8 · AI score 8.6 · EPSS 0.12428
Exploits: 4 · References: 4 · Affected Software: 1

Cvelist
added 2021/01/19 1:35 p.m. · 21 views

CVE-2020-23342

A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users...

AI score 8.7 · EPSS 0.12428
Exploits: 4 · References: 4

CNVD
added 2021/01/06 12:0 a.m. · 9 views

MiniCMS Directory Traversal Vulnerability

MiniCMS is a micro content management system designed for personal websites. A directory traversal vulnerability exists in post-edit.php in MiniCMS V1.10. A remote attacker can exploit this vulnerability to include and execute arbitrary files via the state parameter...

CVSS 9.8 · AI score 7.4 · EPSS 0.01904
Exploits: 1 · References: 1

ATTACKERKB
added 2021/01/05 10:15 p.m. · 4 views

CVE-2020-36052

Directory traversal vulnerability in post-edit.php in MiniCMS V1.10 allows remote attackers to include and execute arbitrary files via the state parameter...

CVSS 9.8 · AI score 5.8 · EPSS 0.01904
Exploits: 1 · References: 2

CNNVD
added 2021/01/05 12:0 a.m. · 3 views

MiniCMS Path Traversal Vulnerability

MiniCMS is a micro content management system designed for personal websites. A directory traversal vulnerability exists in post-edit.php in MiniCMS V1.10. A remote attacker can exploit this vulnerability to include and execute arbitrary files via the state parameter...

CVSS 9.8 · AI score 7.5 · EPSS 0.01904
Exploits: 1 · References: 2

OSV
added 2020/03/23 9:15 p.m. · 1 views

DEBIAN-CVE-2020-8865

This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the paramstemplate parameter, the process doe...

CVSS 6.3 · AI score 5.8 · EPSS 0.06808
Exploits: 4 · References: 1

Prion
added 2020/03/23 9:15 p.m. · 22 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the paramstemplate parameter, the process doe...

CVSS 6.5 · AI score 6.4 · EPSS 0.06808
Exploits: 4 · References: 2 · Affected Software: 2

Positive Technologies
added 2020/03/10 12:0 a.m. · 4 views

PT-2020-20336 · Horde · Horde Groupware Webmail Edition

Name of the Vulnerable Software and Affected Versions: Horde Groupware Webmail Edition version 5.2.22 Description: This issue allows remote attackers to execute local PHP files on affected installations. Authentication is required to exploit this issue. The specific flaw exists within the edit.ph...

CVSS 6.5 · AI score 6.3 · EPSS 0.06808
Exploits: 4 · References: 20

Prion
added 2019/09/22 3:15 p.m. · 12 views

SQL injection

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used...

CVSS 7.5 · AI score 9.8 · EPSS 0.01881
Exploits: 1 · References: 1 · Affected Software: 1

NVD
added 2019/09/16 1:15 p.m. · 32 views

CVE-2016-10962

The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter...

CVSS 6.5 · AI score 6.6 · EPSS 0.00612
Exploits: 0 · References: 2

CVE
added 2019/09/16 12:25 p.m. · 47 views

CVE-2016-10962

The vulnerability CVE-2016-10962 affects the Icegram WordPress plugin prior to version 1.9.19. The issue is a Cross-Site Request Forgery (CSRF) vulnerability via the wp-admin/edit.php?option_name parameter, which could enable unauthorized actions within the plugin’s admin context. Affected softwa...

CVSS 6.5 · AI score 6.6 · EPSS 0.00612
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2019/09/15 10:15 p.m. · 11 views

CVE-2019-16333

GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php...

CVSS 5.4 · AI score 5.9
Exploits: 0 · References: 1

Cvelist
added 2019/09/15 9:22 p.m. · 12 views

CVE-2019-16333

GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php...

AI score 5.3 · EPSS 0.00667
Exploits: 1 · References: 1

CVE
added 2019/09/15 9:22 p.m. · 86 views

CVE-2019-16333

GetSimple CMS v3.3.15 is affected by a persistent Cross-Site Scripting (XSS) vulnerability in admin/theme-edit.php. The CVE description and connected sources (NVD/NVD mirrors, OpenVAS entry, and related advisories) consistently identify GetSimple CMS 3.3.15 as vulnerable to XSS in that admin page...

CVSS 5.4 · AI score 5.3 · EPSS 0.00667
Exploits: 1 · References: 1 · Affected Software: 1

Check Point Advisories
added 2019/08/28 12:0 a.m. · 0 views

WordPress Download Manager Plugin Cross-Site Request Forgery

A cross-site request forgery vulnerability has been reported in WordPress Download Manager Plugin. The vulnerability is due to insufficient CSRF protections. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user with administrator privileges to visit a page which...

AI score 4.2
Exploits: 0

Packet Storm
added 2019/08/14 12:0 a.m. · 100 views

WordPress Download Manager 2.5 Cross Site Request Forgery

Exploit Title: CSRF vulnerabilities in WordPress Download Manager Plugin 2.5 Google Dork: inurl:"/wp-content/plugins/download-manager Date: 24 may, 2019 Exploit Author: Princy Edward Exploit Author Blog : https://prinyedward.blogspot.com/ Vendor Homepage: https://www.wpdownloadmanager.com/ Softwa...

Exploits: 0

NVD
added 2019/07/18 1:15 p.m. · 68 views

CVE-2019-1010096

DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page...

CVSS 8.8 · AI score 8.7 · EPSS 0.0065
Exploits: 1 · References: 1

CVE
added 2019/07/18 12:37 p.m. · 52 views

CVE-2019-1010096

DomainMOD v4.10.0 contains a Cross Site Request Forgery (CSRF) vulnerability that can elevate a user’s privilege from read-only to administrator. The vulnerability is triggered via the admin/users/edit.php?uid=2 component after an administrator logs in and visits a crafted HTML page, enabling an ...

CVSS 8.8 · AI score 8.7 · EPSS 0.0065
Exploits: 1 · References: 1 · Affected Software: 1

NVD
added 2019/07/05 3:16 p.m. · 22 views

CVE-2019-13340

In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the content box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, CVE-2018-20520, and CVE-2019-13186...

CVSS 4.8 · AI score 5.2 · EPSS 0.00622
Exploits: 1 · References: 1