CVE-2026-29201

Insufficient input validation of the feature file name in feature::LOADFEATUREFILE adminbin call can cause arbitrary file read when a relative file path is passed...

CVE-2026-29201

Insufficient input validation of the feature file name in feature::LOADFEATUREFILE adminbin call can cause arbitrary file read when a relative file path is passed...

CVE-2026-29201

Insufficient input validation of the feature file name in feature::LOADFEATUREFILE adminbin call can cause arbitrary file read when a relative file path is passed...

CVE-2026-29201

Insufficient input validation in the feature::LOADFEATUREFILE AdminBin call in cPanel/WHM can lead to arbitrary file read when a relative file path is supplied. Affected product/version scope includes cPanel/WHM prior to versions listed as fixed in PT-2026-38673 (and WP Squared) such as 11.136.0....

CVE-2026-29201

Insufficient input validation of the feature file name in feature::LOADFEATUREFILE adminbin call can cause arbitrary file read when a relative file path is passed...

cPanel 输入验证错误漏洞

cPanel is a web-based automated hosting platform developed by the cPanel company in the United States. This platform is primarily used for automating the management of websites and servers. cPanel has a vulnerability related to input validation errors. This vulnerability stems from insufficient...

CVE-2025-12337

A security flaw has been discovered in Campcodes Retro Basketball Shoes Online Store 1.0. This affects an unknown part of the file /admin/adminfeature.php. Performing a manipulation of the argument pid results in sql injection. The attack may be initiated remotely. The exploit has been released t...

CVE-2025-9940

A vulnerability was detected in CodeAstro Real Estate Management System 1.0. This affects an unknown function of the file /feature.php. Performing manipulation of the argument msg results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used...

CVE-2025-9940

A vulnerability was detected in CodeAstro Real Estate Management System 1.0. This affects an unknown function of the file /feature.php. Performing manipulation of the argument msg results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used...

PT-2025-35860

Name of the Vulnerable Software and Affected Versions: CodeAstro Real Estate Management System version 1.0 Description: A cross-site scripting issue exists in CodeAstro Real Estate Management System 1.0. The issue is related to the manipulation of the msg argument in the /feature.php file. This c...

Online Shoe Store admin_feature.php File SQL Injection Vulnerability

Online Shoe Store is an online shoe store system. Online Shoe Store suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter productcode in the file /admin/adminfeature.php. An attacker can exploit this...

CVE-2025-6305

A vulnerability was found in code-projects Online Shoe Store 1.0. It has been classified as critical. This affects an unknown part of the file /admin/adminfeature.php. The manipulation of the argument productcode leads to sql injection. It is possible to initiate the attack remotely. The exploit...

PT-2024-1939

Name of the Vulnerable Software and Affected Versions ClamAV affected versions not specified Description A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due t...

PT-2023-32907 · Gopeak · Gopeak Masterlab

Name of the Vulnerable Software and Affected Versions: gopeak MasterLab versions up to 3.3.10 Description: A critical issue has been found in the HTTP POST Request Handler component, specifically affecting the function sqlInjectDelete of the file app/ctrl/framework/Feature.php. The manipulation o...