CVE-2021-47939

Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in...

CVE-2021-47939

Evolution CMS 3.1.6 is affected by an authenticated remote code execution vulnerability. Attackers with module-creation permissions can inject PHP code into module parameters and trigger execution by sending POST requests to /manager/index.php with malicious code in the post parameter. This can l...

CVE-2022-41497

ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery SSRF via the pkgurl parameter at /manager/index.php...

CVE-2022-41495

ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery SSRF via the rssurlnews parameter at /manager/index.php...

ClipperCMS 代码问题漏洞

ClipperCMS is a content management system CMS from the ClipperCMS team. A security vulnerability exists in ClipperCMS version 1.3.3, which originates from the inclusion of server-side request forgery SSRF via the rssurlnews parameter in /manager/index.php...

ClipperCMS 代码问题漏洞

ClipperCMS is a content management system CMS from the ClipperCMS team. A security vulnerability exists in ClipperCMS version 1.3.3, which stems from the inclusion of server-side request forgery SSRF via the pkgurl parameter in /manager/index.php...

Mr.Zhou Learnsite 授权问题漏洞

Learnsite is an information technology classroom learning platform. A remote elevation of privilege vulnerability exists in the JudgIsAdmin function in /Manager/index.aspx in Learnsite version 1.2.5.0. An attacker can exploit this vulnerability by modifying the first letter of the user cookie key...

CVE-2018-12905

joyplus-cms 1.6.0 has XSS in adminplayer.php, related to manager/index.php "system manage" and "add" actions...

Remote Code Execution Vulnerability in joyplus-cms manager/index.php File

joyplus-cms joy video is an open source video backend management system based on PHP and MySQL. The system has a video resource acquisition , user feedback management , automatic address resolution and message push management and other functions . A security vulnerability exists in the...

CVE-2018-12039

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring...

etradeasia.com XSS vulnerability

Vulnerable URL: https://www.etradeasia.com/manager/index.asp?gone=1"...

PT-2009-5712 · Plume · Plume Cms

Name of the Vulnerable Software and Affected Versions: Plume CMS version 1.2.3 Description: The issue allows remote authenticated users to execute arbitrary SQL commands. This can be achieved via the "m" parameter to "manager/index.php" or by remote authenticated administrators via the "id"...