CVE-2020-5842

Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. The payload is, for example, executed on the admin/index.php?page=users/manage page...

CVE-2020-35388

rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true...

CVE-2020-23691

YFCMF v2.3.1 has a Remote Command Execution RCE vulnerability in the index.php...

CVE-2020-18158

Cross Site Scripting XSS vulnerability in HuCart 5.7.4 via nickname in index.php...

CVE-2020-18157

Cross Site Request Forgery CSRF vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php...

CVE-2020-21132

SQL Injection vulnerability in Metinfo 7.0.0beta in index.php...

CVE-2020-10218

A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function...

CVE-2020-24271

A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent, then post username==...

CVE-2020-21806

SQL Injection Vulnerability in ECTouch v2 via the shop page in index.php...

CVE-2020-23833

Projectworlds House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability, allowing remote attackers to execute arbitrary code on the hosting webserver via a malicious index.php POST request...

CVE-2020-21653

Myucms v2.2.1 contains a server-side request forgery SSRF in the component \controller\index.php, which can be exploited via the sj method...

CVE-2020-6637

openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php...

CVE-2020-26051

College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters 'unametxt' and 'pwdtxt', which are not filtered before passing a SQL query...

CVE-2020-23718

Cross site scripting XSS vulnerability in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the route parameter to index.php...

CVE-2020-21649

Myucms v2.2.1 contains a server-side request forgery SSRF in the component \controller\index.php, which can be exploited via the sql method...

CVE-2020-20124

Wuzhi CMS v4.1.0 contains a remote code execution RCE vulnerability in \attachment\admin\index.php...

CVE-2020-19915

Cross Site Scripting XSS vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php...

CVE-2020-19264

A cross-site request forgery CSRF in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd...

CVE-2020-18013

SQL Injextion vulnerability exists in Whatsns 4.0 via the ip parameter in index.php?adminbanned/add.htm...

CVE-2014-4850

SQL injection vulnerability in index.php in FoeCMS allows remote attackers to execute arbitrary SQL commands via the i parameter...