37 matches found
EUVD-2025-205520
A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. The impacted element is the function drshowerror/drexitmsg of the file /dayrui/Fcms/Init.php of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated...
EUVD-2002-2102
Malware in sbrugna...
Sql injection
facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $SESSION via the GET/POST parameters...
CVE-2024-24572 facileManager Authenticated Variable Manipulation leading to SQL Injection
facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $SESSION via the GET/POST parameters...
CVE-2024-24572 facileManager Authenticated Variable Manipulation leading to SQL Injection
facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $SESSION via the GET/POST parameters...
InfiniteWP Client < 1.9.4.5 - Authentication Bypass
As per agreement between the researcher and developer, details will be released on January 14th. It is possible to login as any administrator on the site due to logical mistakes in the code. The issue resides in the function iwpmmbsetrequest which is located in the init.php file. This checks if t...
WordPress Loginizer Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.WordPress Loginizer plugin is one of the access control plugin. A cross-site scripting vulnerability exists in the...
Cross site request forgery (csrf)
Cross Site Request Forgery CSRF exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked...
CVE-2017-12651
Cross Site Request Forgery CSRF exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked...
Limny 3.2.2 Local File Inclusion
======================================================================== | Title : limny 3.2.2 Local File Inclusion vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 8.1 FranASSais V.Pro | Version : 3.2.2 | Vendor : http://www.limny.org/ | Dork : n/a...
CVE-2014-4853
CVE-2014-4853 is a reported cross-site scripting (XSS) flaw in OpenDocMan’s odm-init.php prior to version 1.2.7.3. The vulnerability allows remote authenticated users to inject arbitrary web script or HTML by supplying a specially crafted file name during upload. Public sources from NVD and CVE l...
AdaptCMS 2.0.0 Beta (init.php) Remote File Inclusion Vulnerability
No description provided by source. / / / \ \ \ \ \ / / \\ \ \ \ \ // /// \ \ / / \ //|\ / \ \ \ \ \ \ / / \ \ / / \ | | | \ | | || | | |/ / \ V / || |\ V / / \ | / \ | /| | | || / | | | | . | ' || / | || // \ // \|||/|||||||||\ .WEB.ID...
PHPIDS 0.4 - Remote File Inclusion Vulnerability
No description provided by source. PHPIDS 0.4 - Remote File Inclusion Vulnerability @package PHPIDS @Version 0.4 @license http://www.gnu.org/licenses/lgpl.html LGP @link http://php-ids.org/ Type : Remote File Inclusion Vulnerability Author: eidelweiss Date : 2010-02-08 Location: Indonesia...
playSMS 0.9.3 - Multiple Remote/Local File Inclusion Vulnerabilities
No description provided by source. ==:RFI/LFI:== ===================== script:playsms 0.9.3 ========================================================================== download from:http://downloads.sourceforge.net/playsms/playsms-0.9.3.tar.gz?modtime=1211284086&bigmirror=0...
Telaen Multiple Vulnerabilities
Telaen is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Information disclosure
MicroBlog 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by init.php and certain other files...
Froxlor 0.9.15 - Remote File Inclusion
Froxlor 0.9.15 - Remote File Inclusion Exploit Title: Froxlor v 0.9.15 Remote file include vulnerbility Google Dork: © 2009-2010 by the Froxlor Team Date: 26/1/2011 Author: DIES3L Software Link: http://www.froxlor.org Version: v 0.9.15 Tested on: ubuntu + win7 Email : [email protected] Fichier :...
AdaptCMS 2.0.1 Beta - Remote File Inclusion (Metasploit)
/ / / \ \ \ \ \ / / \\ \ \ \ \ // /// \ \ / / \ //|\ / \ \ \ \ \ \ / / \ \ / / \ | | | \ | | || | | |/ / \ V / || |\ V / / \ | / \ | /| | | || / | | | | . | ' 'AdaptCMS 2.0.1 Beta Released Remote File Inclusion Exploit', 'Description' = %q This module can be used to exploit Remote File...
AdaptCMS 2.0.0 Beta Remote File Inclusion
/ / / \ \ \ \ \ / / \\ \ \ \ \ // /// \ \ / / \ //|\ / \ \ \ \ \ \ / / \ \ / / \ | | | \ | | || | | |/ / \ V / || |\ V / / \ | / \ | /| | | || / | | | | . | ' || / | || // \ // \|||/|||||||||\ .WEB.ID ----------------------------------------------------------------------- AdaptCMS...
PHPIDS 0.4 - Remote File Inclusion
PHPIDS 0.4 - Remote File Inclusion PHPIDS 0.4 - Remote File Inclusion Vulnerability @package PHPIDS @Version 0.4 @license http://www.gnu.org/licenses/lgpl.html LGP @link http://php-ids.org/ Type : Remote File Inclusion Vulnerability Author: eidelweiss Date : 2010-02-08 Location: Indonesia...