16 matches found
CVE-2025-70758
chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/authvalidate.php. The application sends an HTTP redirect via headerLocation:login.php when a user is not authenticated but fails to call exit afterward. This allows remote...
CVE-2025-70758
chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/authvalidate.php. The application sends an HTTP redirect via headerLocation:login.php when a user is not authenticated but fails to call exit afterward. This allows remote...
PT-2026-5986
Name of the Vulnerable Software and Affected Versions chetans9 core-php-admin-panel through commit a94a780d6 Description The application does not call exit after sending an HTTP redirect via headerLocation:login.php when a user is not authenticated. This allows remote unauthenticated attackers to...
EUVD-2008-0161
Malware in sbrugna...
ClassCMS 跨站脚本漏洞
ClassCMS is a simple, flexible, secure and easy-to-expand content management system from China ClassCMS open source. A cross-site scripting vulnerability exists in ClassCMS version 4.8, which originates from some unknown functions in the file /index.php/admin that can lead to cross-site scripting...
SUSE CVE-2007-5900
PHP before 5.2.5 allows local users to bypass protection mechanisms configured through phpadminvalue or phpadminflag in httpd.conf by using iniset to modify arbitrary configuration variables, a different issue than CVE-2006-4625...
SUSE CVE-2009-4896
Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful mlmmj 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. dot d...
Collectric CMU 1.0 - lang SQL injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Collectric CMU 1.0 - 'lang' SQL injection Google Dork: "Inloggning Collectric CMU" Discoverer: Simon Brannstrom Vendor Homepage: http://ourenergy.se/ Software Link: n/a Version: All known versions Tested on: Linux CVE: N/A About...
Collectric CMU 1.0 - lang Hard-Coded Credentials SQL injection
Collectric CMU 1.0 - lang Hard-Coded Credentials SQL injection Exploit Title: Collectric CMU 1.0 - 'lang' SQL injection Google Dork: "Inloggning Collectric CMU" Discoverer: Simon Brannstrom Date: 2018-09-15 Vendor Homepage: http://ourenergy.se/ Software Link: n/a Version: All known versions Teste...
phpWebAdmin 1.0 SQL Injection Vulnerability
phpWebAdmin version 1.0 suffers from a remote SQL injection vulnerability. !/usr/bin/perl -w phpWebAdmin Version 1.0 SQL Injection Proof Of Concept Exploit =============================================================== Discovered by NA , NAattutanota.com ========================================...
sNews 1.7.1 - Cross-Site Request Forgery
Exploit Title : Snews CMS Cross Site Request Forgery Author : Ashiyane Digital Security Team Google Dork : "This site is powered by sNews" Date : 1/11/2016 Type : webapps Platform : PHP Vendor Homepage : http://snewscms.com/ Software link : http://snewscms.com/download/snews1.7.1.zip Version :...
CVE-2009-4896
Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful mlmmj 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. dot d...
DEBIAN-CVE-2009-4896
Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful mlmmj 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. dot d...
CVE-2009-4896
Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful mlmmj 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. dot d...
CVE-2009-4896
CVE-2009-4896 affects the mlmmj project’s web interface mlmmj-php-admin, specifically versions 1.2.15 through 1.2.17. The vulnerability is a directory-traversal flaw allowing remote authenticated users to overwrite, create, or delete arbitrary files, or reveal existence of arbitrary directories, ...
CVE-2008-0148
TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request...