142 matches found
SUSE CVE-2007-1395
Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting XSS attacks by injecting arbitrary JavaScript or HTML in a 1 db or 2 table parameter value followed by an uppercase end tag, which bypasses the protection...
CVE-2022-48175
Rukovoditel v3.2.1 was discovered to contain a remote code execution RCE vulnerability in the component /rukovoditel/index.php?module=dashboard/ajaxrequest...
copperwall Twiddit SQL注入漏洞
Twiddit is a web application by copperwall individual developers. A SQL injection vulnerability exists in copperwall Twiddit, which stems from a vulnerability found in copperwall Twiddit that affects some unknown processing of the file index.php, an operation that results in sql injection...
Seltmann GmbH Content Management System 6 SQL注入漏洞
seltmann Seltmann GmbH Content Management System is a content management system from seltmann. A security vulnerability exists in Seltmann GmbH Content Management System 6. An attacker could exploit this vulnerability to perform SQL injection via /index.php...
Unrestricted file upload
File upload vulnerability in function upload in action/Core.class.php in zhimengzhe iBarn 1.5 allows remote attackers to run arbitrary code via avatar upload to index.php...
CVE-2022-28918
GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&pluginname=...
OneNav 路径遍历漏洞
OneNav is a minimalist navigation/bookmark management system developed using PHP. A security vulnerability exists in index.php in OneNav v0.9.14. The vulnerability allows attackers to perform directory traversal...
Phpgurukul Employee Record Management System SQL注入漏洞
Employee Record Management System is an employee record management system. Employee Record Management System has a SQL injection vulnerability that originates from an SQL injection bypass authentication vulnerability via index.php, which can be exploited by an attacker to corrupt, alter, or...
WUZHI CMS SQL Injection Vulnerability (CNVD-2021-99300)
WUZHI CMS Five Fingers CMS is a high-performance open source content management system that supports LNAMP architecture, suitable for portals, enterprise websites, mobile sites, microsoft promotion. Attackers can use the keywords parameter in coreframe/app/promote/admin/index.php vulnerability fo...
Nagios XI 输入验证错误漏洞
Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting, and rich data visualization.A local file inclusion vulnerability exists in versions of Nagios XI prior to 5.8.5. The vulnerability stems from an improper...
EGavilan Barcodes generator cross-site scripting vulnerability
Egavilan Media Barcodes generator is a Php-based barcode generator for product names from Egavilan Media. EGavilan Barcodes generator 1.0 suffers from a cross-site scripting vulnerability that originates from cross-site scripting XSS via index.php. An attacker can exploit this vulnerability to...
Sourcecodester Car Rental Management System 输入验证错误漏洞
Sourcecodester Car Rental Management System is a car rental management system from Sourcecodester USA. A security vulnerability exists in version 1.0 of the SourceCodester Car Rental Management System, which can be exploited by an unauthenticated user to perform a file inclusion attack on the...
CVE-2019-9769
PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator...
CVE-2019-8363
Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=indexXSS value...
CVE-2018-19595
PbootCMS V1.3.1 build 2018-11-14 is vulnerable to remote code execution via an eval-based input in the web layer. The issue stems from an insufficient protection mechanism in apps/home/controller/ParserController.php (parserIfLabel), which allows an attacker to inject and execute code through a c...
CVE-2017-18345
The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=comjoomanager&controller=details&task=download&path=configuration.php request...
CVE-2018-14958
An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings such as the theme, title, and description via index.php...
Arbitrary file deletion
GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI...
The vulnerability of the “index.php” script in the microprogramming software for network storage devices from Western Digital MyCloud NAS allows for the execution of arbitrary commands.
The vulnerability of the “index.php” script in the microprogramming software of Western Digital MyCloud NAS is related to the lack of measures taken at the management level to clean up data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially...
Synology Photo Station Information Disclosure Vulnerability
Synology Photo Station is an online photo album and blog owned and managed by DSM users. An information disclosure vulnerability exists in index.php in Synology Photo Station. A remote attacker can exploit the vulnerability to obtain sensitive information in certain ways...