Lucene search
+L

142 matches found

susecve
susecve
added 2023/02/15 6:12 a.m.3 views

SUSE CVE-2007-1395

Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting XSS attacks by injecting arbitrary JavaScript or HTML in a 1 db or 2 table parameter value followed by an uppercase end tag, which bypasses the protection...

4.3CVSS6AI score0.0142EPSS
Exploits1References3
cvelist
cvelist
added 2023/01/30 12:0 a.m.23 views

CVE-2022-48175

Rukovoditel v3.2.1 was discovered to contain a remote code execution RCE vulnerability in the component /rukovoditel/index.php?module=dashboard/ajaxrequest...

10AI score0.0174EPSS
Exploits1References1
cnnvd
cnnvd
added 2023/01/19 12:0 a.m.12 views

copperwall Twiddit SQL注入漏洞

Twiddit is a web application by copperwall individual developers. A SQL injection vulnerability exists in copperwall Twiddit, which stems from a vulnerability found in copperwall Twiddit that affects some unknown processing of the file index.php, an operation that results in sql injection...

9.8CVSS7AI score0.00725EPSS
Exploits0References4
cnnvd
cnnvd
added 2023/01/19 12:0 a.m.7 views

Seltmann GmbH Content Management System 6 SQL注入漏洞

seltmann Seltmann GmbH Content Management System is a content management system from seltmann. A security vulnerability exists in Seltmann GmbH Content Management System 6. An attacker could exploit this vulnerability to perform SQL injection via /index.php...

9.8CVSS8.7AI score0.00752EPSS
Exploits1References2
prion
prion
added 2022/12/15 7:15 p.m.14 views

Unrestricted file upload

File upload vulnerability in function upload in action/Core.class.php in zhimengzhe iBarn 1.5 allows remote attackers to run arbitrary code via avatar upload to index.php...

6.5CVSS8.8AI score0.01218EPSS
Exploits1References1Affected Software1
nvd
nvd
added 2022/04/26 9:15 p.m.16 views

CVE-2022-28918

GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&pluginname=...

8.1CVSS0.01061EPSS
Exploits1References1
cnnvd
cnnvd
added 2022/03/12 12:0 a.m.5 views

OneNav 路径遍历漏洞

OneNav is a minimalist navigation/bookmark management system developed using PHP. A security vulnerability exists in index.php in OneNav v0.9.14. The vulnerability allows attackers to perform directory traversal...

5.3CVSS5.8AI score0.01173EPSS
Exploits0References2
cnnvd
cnnvd
added 2021/12/13 12:0 a.m.5 views

Phpgurukul Employee Record Management System SQL注入漏洞

Employee Record Management System is an employee record management system. Employee Record Management System has a SQL injection vulnerability that originates from an SQL injection bypass authentication vulnerability via index.php, which can be exploited by an attacker to corrupt, alter, or...

10CVSS6AI score0.02079EPSS
Exploits1References2
cnvd
cnvd
added 2021/09/17 12:0 a.m.20 views

WUZHI CMS SQL Injection Vulnerability (CNVD-2021-99300)

WUZHI CMS Five Fingers CMS is a high-performance open source content management system that supports LNAMP architecture, suitable for portals, enterprise websites, mobile sites, microsoft promotion. Attackers can use the keywords parameter in coreframe/app/promote/admin/index.php vulnerability fo...

9.8CVSS3.3AI score0.0128EPSS
Exploits1References1
cnnvd
cnnvd
added 2021/08/13 12:0 a.m.5 views

Nagios XI 输入验证错误漏洞

Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting, and rich data visualization.A local file inclusion vulnerability exists in versions of Nagios XI prior to 5.8.5. The vulnerability stems from an improper...

7.5CVSS5.5AI score0.02782EPSS
Exploits0References1
cnvd
cnvd
added 2020/12/21 12:0 a.m.3 views

EGavilan Barcodes generator cross-site scripting vulnerability

Egavilan Media Barcodes generator is a Php-based barcode generator for product names from Egavilan Media. EGavilan Barcodes generator 1.0 suffers from a cross-site scripting vulnerability that originates from cross-site scripting XSS via index.php. An attacker can exploit this vulnerability to...

6.1CVSS5.5AI score0.01135EPSS
Exploits1References1
cnnvd
cnnvd
added 2020/12/14 12:0 a.m.8 views

Sourcecodester Car Rental Management System 输入验证错误漏洞

Sourcecodester Car Rental Management System is a car rental management system from Sourcecodester USA. A security vulnerability exists in version 1.0 of the SourceCodester Car Rental Management System, which can be exploited by an unauthenticated user to perform a file inclusion attack on the...

9.8CVSS7.6AI score0.16822EPSS
Exploits1References1
cvelist
cvelist
added 2019/03/14 7:0 a.m.15 views

CVE-2019-9769

PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator...

8.7AI score0.02277EPSS
Exploits1References1
nvd
nvd
added 2019/02/16 10:29 p.m.19 views

CVE-2019-8363

Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=indexXSS value...

6.1CVSS6AI score0.00826EPSS
Exploits1References1
cve
cve
added 2018/11/27 7:0 a.m.59 views

CVE-2018-19595

PbootCMS V1.3.1 build 2018-11-14 is vulnerable to remote code execution via an eval-based input in the web layer. The issue stems from an insufficient protection mechanism in apps/home/controller/ParserController.php (parserIfLabel), which allows an attacker to inject and execute code through a c...

9.8CVSS9.7AI score0.03858EPSS
Exploits1References3Affected Software1
nvd
nvd
added 2018/08/26 9:29 p.m.25 views

CVE-2017-18345

The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=comjoomanager&controller=details&task=download&path=configuration.php request...

9.8CVSS9.6AI score0.02966EPSS
Exploits1References3
osv
osv
added 2018/08/05 7:29 p.m.12 views

CVE-2018-14958

An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings such as the theme, title, and description via index.php...

8.8CVSS7AI score
Exploits0References1
prion
prion
added 2018/06/29 5:29 a.m.10 views

Arbitrary file deletion

GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI...

5CVSS7.6AI score0.01586EPSS
Exploits1References1Affected Software1
bdu_fstec
bdu_fstec
added 2017/12/21 12:0 a.m.4 views

The vulnerability of the “index.php” script in the microprogramming software for network storage devices from Western Digital MyCloud NAS allows for the execution of arbitrary commands.

The vulnerability of the “index.php” script in the microprogramming software of Western Digital MyCloud NAS is related to the lack of measures taken at the management level to clean up data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially...

10CVSS8.1AI score0.11225EPSS
Exploits1References3Affected Software1
cnvd
cnvd
added 2017/08/09 12:0 a.m.3 views

Synology Photo Station Information Disclosure Vulnerability

Synology Photo Station is an online photo album and blog owned and managed by DSM users. An information disclosure vulnerability exists in index.php in Synology Photo Station. A remote attacker can exploit the vulnerability to obtain sensitive information in certain ways...

7.5CVSS7.3AI score0.44573EPSS
Exploits4References1
Rows per page
Query Builder