CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

Cvelist•added 2025/10/21 12:0 a.m.•6 views

CVE-2025-60790

ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service...

0.00126EPSS

Exploits1References2

Vulnrichment•added 2025/10/21 12:0 a.m.•2 views

CVE-2025-60790

6.4AI score0.00126EPSS

Exploits1References2

EUVD•added 2025/10/21 12:0 a.m.•4 views

EUVD-2025-35198

6.3AI score0.00126EPSS

Exploits1References2

GithubExploit•added 2025/09/06 2:27 a.m.•204 views

Exploit for Code Injection in Ispconfig

CVE-2023-46818 - ISPConfig PHP Code Execution | Exploit Hi...

9.8CVSS7.7AI score0.90534EPSS

Exploits19

CVE•added 2025/08/28 10:12 a.m.•11 views

CVE-2025-55175

CVE-2025-55175 : QuickCMS is vulnerable to a Reflected XSS via the sLangEdit parameter in the admin panel. A malicious URL can trigger arbitrary JavaScript execution in the victim’s browser. Only version 6.8 was tested and confirmed vulnerable; other versions were not tested and might also be vul...

6.1CVSS5.4AI score0.00076EPSS

Exploits0References2Affected Software1

Metasploit•added 2025/07/09 6:55 p.m.•557 views

ISPConfig language_edit.php PHP Code Injection

This module exploits a PHP code injection vulnerability in ISPConfig's languageedit.php file. The vulnerability occurs when the adminallowlangedit setting is enabled, allowing authenticated administrators to inject arbitrary PHP code through the language editor interface. This module will...

7.2CVSS7AI score0.90534EPSS

Exploits14

Packet Storm•added 2025/07/09 12:0 a.m.•145 views

📄 ISPConfig language_edit.php PHP Code Injection

This Metasploit module exploits a PHP code injection vulnerability in the ISPConfig languageedit.php file. The vulnerability occurs when the adminallowlangedit setting is enabled, allowing authenticated administrators to inject arbitrary PHP code through the language editor interface. This...

7.2CVSS7.6AI score0.90534EPSS

Exploits14

OSV•added 2023/10/27 4:15 a.m.•0 views

CVE-2023-46818

An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if adminallowlangedit is enabled...

7.2CVSS5.8AI score

Exploits0References3

ATTACKERKB•added 2023/06/14 2:15 p.m.•0 views

CVE-2023-34752

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit...

9.8CVSS7.4AI score0.30198EPSS

Exploits1References5

CNNVD•added 2023/06/14 12:0 a.m.•1 views

bloofoxCMS SQL注入漏洞

bloofoxCMS is bloofox bloofoxCMS individual developers of a Php-based text content management system. A security vulnerability exists in bloofoxCMS version v0.5.2.1, which stems from a SQL injection vulnerability contained in the lid parameter found via...

9.8CVSS8.6AI score0.30198EPSS

Exploits1References3

OSV•added 2019/02/17 6:29 p.m.•1 views

CVE-2019-8407

HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI...

6.5CVSS6.7AI score

Exploits0References1

Prion•added 2019/02/17 6:29 p.m.•8 views

Design/Logic Flaw

HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI...

5.5CVSS6.4AI score0.00497EPSS

Exploits1References1Affected Software1

CVE•added 2017/03/27 1:55 a.m.•38 views

CVE-2017-6066

Subrion CMS 4.0.5 has a CSRF vulnerability in the admin/languages/edit/1/ endpoint. An attacker can perform any Edit Language action and may inject XSS via the title parameter. This issue is consistently described across multiple sources (NVD/CNVD/OSV) with the same details. No remediation steps ...

8.8CVSS8.4AI score0.00207EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by