CVE-2026-6487 Qihui jtbc5 CMS Code Endpoint manage.php path traversal

A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument path causes path traversal. The attack is possible to be carried out remotely. The exploit has been...

CVE-2026-6487

CVE-2026-6487 affects Qihui jtbc5 CMS 5.0.3.6. A flaw in an unknown function within /dev/code/common/diplomat/manage.php allows path traversal via the Code Endpoint component. The vulnerability is remotely exploitable; exploitation appears to be published. Vendor response to disclosure is not pro...

PT-2026-33447

A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument path causes path traversal. The attack is possible to be carried out remotely. The exploit has been...

EUVD-2019-17267

Malware in sbrugna...

EUVD-2018-11025

Malware in sbrugna...

CVE-2012-10042

Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog management interface. The application ships with default credentials admin:secret and allows authenticated users to upload files via manage.php. The upload mechanism fails to validate file types, enabling...

CVE-2012-10042 Sflog! CMS 1.0 Arbitrary File Upload RCE

Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog management interface. The application ships with default credentials admin:secret and allows authenticated users to upload files via manage.php. The upload mechanism fails to validate file types, enabling...

PT-2025-32395 · Unknown · Sflog! Cms

Name of the Vulnerable Software and Affected Versions: Sflog! CMS version 1.0 Description: Sflog! CMS version 1.0 contains an authenticated arbitrary file upload issue in the blog management interface. The application includes default credentials admin:secret and permits authenticated users to...

CVE-2025-6867 SourceCodester Simple Company Website manage.php sql injection

A vulnerability was found in SourceCodester Simple Company Website 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/services/manage.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has...

SourceCodester Simple Company Website 注入漏洞

SourceCodester Simple Company Website is a simple company website from SourceCodester, Inc. An injection vulnerability exists in version 1.0 of the SourceCodester Simple Company Website, which stems from SQL injection due to incorrect manipulation of the parameter ID in the file...

CVE-2020-21648

WDJA CMS v1.5.2 contains an arbitrary file deletion vulnerability in the component admin/cache/manage.php...

CVE-2023-2677 SourceCodester Covid-19 Contact Tracing System manage.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Covid-19 Contact Tracing System 1.0. This affects an unknown part of the file admin/establishment/manage.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely...

Sql injection

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been rated as critical. This issue affects the function saveinventory of the file /admin/product/manage.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. T...

CVE-2022-3671

A vulnerability classified as critical was found in SourceCodester eLearning System 1.0. This vulnerability affects unknown code of the file /admin/students/manage.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed...

CVE-2022-3671 SourceCodester eLearning System manage.php sql injection

A vulnerability classified as critical was found in SourceCodester eLearning System 1.0. This vulnerability affects unknown code of the file /admin/students/manage.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed...

Information Disclosure

moodle/moodle is vulnerable to information exposure. The vulnerability exists due to a lack of sanitization in output field in the manage.php file, allowing to read sensitive information in the system...

Arbitrary file deletion

WDJA CMS v1.5.2 contains an arbitrary file deletion vulnerability in the component admin/cache/manage.php...

CVE-2020-21648

CVE-2020-21648 affects WDJA CMS v1.5.2 with an arbitrary file deletion vulnerability in admin/cache/manage.php. The issue is documented across multiple sources (NVD/Red Hat/CVE). The root cause details are not provided beyond the vulnerability location; impact is deletion of arbitrary files. CVSS...

Nagios XI Manage.php Directory Traversal (CVE-2021-3277)

A directory traversal vulnerability exists in Nagios XI. The vulnerability is due to insufficient validation of the request parameters in manage.php of the Custom-includes module...

CVE-2020-23631

CVE-2020-23631 affects WDJA CMS 1.5, where a flaw in admin/global/manage.php allows CSRF that can enable cross-site scripting via the tongji parameter. The impact described is XSS; no exploitation details or patch/version remediation are provided in the supplied documents. If present, mitigation ...