13 matches found
CVE-2025-60790
ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service...
EUVD-2025-35198
ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service...
CVE-2025-60790
ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service...
Exploit for Code Injection in Ispconfig
CVE-2023-46818 - ISPConfig PHP Code Execution | Exploit Hi...
CVE-2025-55175
CVE-2025-55175 : QuickCMS is vulnerable to a Reflected XSS via the sLangEdit parameter in the admin panel. A malicious URL can trigger arbitrary JavaScript execution in the victim’s browser. Only version 6.8 was tested and confirmed vulnerable; other versions were not tested and might also be vul...
ISPConfig language_edit.php PHP Code Injection
This module exploits a PHP code injection vulnerability in ISPConfig's languageedit.php file. The vulnerability occurs when the adminallowlangedit setting is enabled, allowing authenticated administrators to inject arbitrary PHP code through the language editor interface. This module will...
📄 ISPConfig language_edit.php PHP Code Injection
This Metasploit module exploits a PHP code injection vulnerability in the ISPConfig languageedit.php file. The vulnerability occurs when the adminallowlangedit setting is enabled, allowing authenticated administrators to inject arbitrary PHP code through the language editor interface. This...
CVE-2023-46818
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if adminallowlangedit is enabled...
CVE-2023-34752
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit...
bloofoxCMS SQL注入漏洞
bloofoxCMS is bloofox bloofoxCMS individual developers of a Php-based text content management system. A security vulnerability exists in bloofoxCMS version v0.5.2.1, which stems from a SQL injection vulnerability contained in the lid parameter found via...
CVE-2019-8407
HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI...
Design/Logic Flaw
HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI...
CVE-2017-6066
Subrion CMS 4.0.5 has a CSRF vulnerability in the admin/languages/edit/1/ endpoint. An attacker can perform any Edit Language action and may inject XSS via the title parameter. This issue is consistently described across multiple sources (NVD/CNVD/OSV) with the same details. No remediation steps ...