EUVD-2021-28079

Malicious code in bioql PyPI...

CVE-2023-1685

A vulnerability was found in HadSky up to 7.11.8. It has been declared as critical. This vulnerability affects unknown code of the file /install/index.php of the component Installation Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has be...

CVE-2020-26041

An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.php...

CVE-2020-26043

An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerability in install/index.php...

Hoosk 安全漏洞

Hoosk is a lightweight content management system by the individual developers of Havok. A security vulnerability exists in Hoosk version 1.7.1, which stems from the presence of a SQL injection vulnerability that allows remote attackers to obtain sensitive information via the /install/index.php...

PT-2023-29080 · Unknown · Blackcat Cms

Name of the Vulnerable Software and Affected Versions: Black Cat CMS version 1.4.1 Description: A cross-site scripting XSS vulnerability exists in Black Cat CMS, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload. This issue is present in two locations: the...

CSZ CMS Cross-Site Scripting Vulnerability

CSZ CMS is a PHP-based open source content management system CMS. A security vulnerability exists in CSZ CMS v1.3.0, which stems from multiple cross-site scripting XSS vulnerabilities in install/index.php that allow attackers to execute arbitrary web script or HTML with a crafted payload via the...

bugs 跨站脚本漏洞

Bugs is a branch of the open-source Tinyissue defect tracking system by Alexandre Plennevaux, a personal developer in Belgium. bugs 1.8 and earlier versions of install/index.php are vulnerable to cross-site scripting, which can be exploited by remote attackers to inject arbitrary Web script or HT...

CVE-2019-17608

HongCMS 3.0.0 has XSS via the install/index.php dbname parameter...

CVE-2019-17609

HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter...

CVE-2019-17611

HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter...

CVE-2018-20567

An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read...

UCMS Cross-Site Scripting Vulnerability (CNVD-2018-19624)

UCMS is a content management system written in PHP. A cross-site scripting vulnerability exists in the install/index.php page in UCMS version 1.4.6. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the 'mysqldbname' parameter...

Frog CMS Cross-Site Scripting Vulnerability (CNVD-2018-09162)

Frog CMS is a content management system CMS developed by software developer Philippe Archambault. The system provides tools for page templates, user rights management, and document management. A cross-site scripting vulnerability exists in the /install/index.php file in Frog CMS 0.9.5. A remote...

ZZCMS 'siteurl' parameter PHP code injection vulnerability

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A security vulnerability exists in ZZCMS version 8.2. The vulnerability can be exploited to inject PHP code by sending 'siteurl' parameter to install/index.php file...

Code Execution Vulnerability in ECShop 3.0

ECShop is a B2C independent online store system, suitable for enterprises and individuals to quickly build a personalized online store. The system is based on PHP language and MYSQL database structure development of cross-platform open source program. A code execution vulnerability exists in the...

Reinstallation vulnerability in zzcms version 7.2

ZZCMS highlights the investment and supply and demand functions, you can quickly build a product investment website. ZZCMS system v7.1 has a reinstallation vulnerability that allows an attacker to exploit the vulnerability by visiting /install/index.php, submitting: POST request: submit=1&step=4,...

PT-2007-3644 · Bloofox · Bloofoxcms

Name of the Vulnerable Software and Affected Versions: BlooFoxCMS version 0.2.2 Description: The issue concerns a PHP remote file inclusion vulnerability in the install/index.php file of BlooFoxCMS. This vulnerability potentially allows remote attackers to execute arbitrary PHP code via a URL in...

CVE-2007-1149

Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. dot dot in 1 the step parameter to install/index.php or 2 the load parameter to the top-level URI...

CVE-2007-1148

PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter...