CVE-2025-5402
A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/includes/editpost.php of the component GET Parameter Handler. The manipulation of the argument...
CVE-2024-48238
WTCMS 1.0 is vulnerable to SQL Injection in the editpost method of /Admin\Controller\NavControl.class.php via the parentid parameter...
CVE-2024-48238
CVE-2024-48238 affects WTCMS 1.0. The vulnerability is a SQL injection in the edit_post functionality implemented in /Admin/Controller/NavControl.class.php via the parentid parameter. The Red Hat, NVD, CVE listings corroborate the same description. Affected component: WTCMS 1.0; vulnerability typ...
NextGEN Gallery < 3.29 - Thumbnail Deletion via CSRF
The plugin does not have CSRF checks when deleting Thumbnail, which could allow attackers to make logged in users with the editPost capability to perform such action via a CSRF attack...
CVE-2019-19984
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with editpost capabilities to manage plugin settings and email campaigns...
SQL injection
ThinkCMF X2.2.2 has SQL Injection via the function editpost in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action...
CVE-2018-19895
ThinkCMF X2.2.2 has SQL Injection via the function editpost in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action...
SQL injection
ThinkCMF X2.2.2 has SQL Injection via the method editpost in ArticleController.class.php and is exploitable by normal authenticated users via the postid1 parameter in an article editpost action...
CVE-2018-19898
ThinkCMF X2.2.2 has SQL Injection via the method editpost in ArticleController.class.php and is exploitable by normal authenticated users via the postid1 parameter in an article editpost action...
ThinkCMF SQL Injection Vulnerability
ThinkCMF is a Chinese content management framework based on PHP+MYSQL. An SQL injection vulnerability exists in the editpost method in ArticleController.class.php in ThinkCMF X2.2.2, which can be exploited by a normal authenticated user to perform a SQL injection attack via the postid1 parameter ...
WordPress <=4.2.2 privilege escalation caused by a race condition
WordPress uses a feature-rich, easily extensible role and capability model in which every user is assigned one role, ranging from the least privileged Subscriber to the Super Admin with unlimited power. Even a Subscriber has access to the WordPress admin control panel, which lives under the /admin directory. Compared with an administrator, a Subscriber has very few panel options available, because the corresponding capabilities restrict what they can do. By default, a Subscriber only has the “readpage” and “readpost” capabilities, which allow reading posts and pages...
CVE-2007-2860
user.php in BoastMachine 3.0 platinum allows remote authenticated users to gain privileges via a modified id parameter, as demonstrated by an editpost action...