32 matches found
CVE-2022-50944
Aero CMS 0.0.1 is affected by a PHP code injection vulnerability. Authenticated attackers can upload PHP files via the image parameter to the admin posts.php endpoint with source=add_post, leading to server-side code execution. The vulnerability exposes high impact on confidentiality, integrity, ...
EUVD-2006-0163
Malware in sbrugna...
CVE-2025-5406
The CVE-2025-5406 entry affects chaitak-gorai Blogbook (up to commit 92f5cf90f8a7e6566b576fe0952e14e1c6736513). The vulnerability resides in an unknown function within /admin/posts.php?source=add_post, where manipulating the image parameter leads to unrestricted file upload. This remote attack is...
PT-2025-23433 · Unknown · Chaitak-Gorai Blogbook
Name of the Vulnerable Software and Affected Versions: chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. Description: A critical vulnerability was found in chaitak-gorai Blogbook. The issue affects an unknown function of the file /admin/posts.php?source=add_post, where the...
CVE-2023-5811 flusity CMS posts.php loadPostAddForm cross site scripting
A vulnerability, which was classified as problematic, was found in flusity CMS. Affected is the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument menuid leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...
CVE-2023-5810 flusity CMS posts.php loadPostAddForm cross site scripting
A vulnerability, which was classified as problematic, has been found in flusity CMS. This issue affects the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument editpostid leads to cross site scripting. The attack may be initiated remotely. The exploit has...
CVE-2022-28422
The CVE-2022-28422 entry concerns Baby Care System v1.0, which is vulnerable to a SQL injection in the administrative interface. Specifically, the weakness is exposed via /admin/posts.php&action=edit (per multiple sources, e.g., NVD entries and CNVD/CVE records). The root cause is an injectable S...
CVE-2022-28424
CVE-2022-28424 affects Baby Care System v1.0, with a SQL injection vulnerability in /admin/posts.php&find= that arises from unvalidated external input. The root cause is improper handling of the find parameter, enabling arbitrary SQL execution. Impact is stated by the CVSS data: CVSSv2 base score...
Cross-Site Request Forgery (CSRF)
anchorcms/anchor-cms is vulnerable to cross-site request forgery. The vulnerability exists because the token is not checked when deleting posts in posts.php, which allows an attacker to arbitrarily delete the posts...
CVE-2022-25576
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts...
CVE-2022-25576
Anchor CMS v0.12.7 is affected by a Cross-Site Request Forgery (CSRF) in the component anchor/routes/posts.php that allows an attacker to arbitrarily delete posts. The root cause, as described across multiple entries (including HGSA/GHSA and CVE references), is a missing/inadequate CSRF token va...
CVE-2021-46458
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=addpost. This vulnerability can be exploited through a crafted POST request via the posttitle parameter...
SQL injection
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=addpost. This vulnerability can be exploited through a crafted POST request via the posttitle parameter...
CVE-2021-46458
Victor CMS v1.0 contains a SQL injection in the admin/posts.php?source=add_post component. The vulnerability is exploitable via a crafted POST request to post_title, allowing an attacker to inject SQL statements through user input. According to NVD, CVSS metrics show a CVSS‑3.1 base score of 7.5 ...
Cross-site Scripting in Anchor CMS
Cross Site Scripting (XSS) vulnerability exists in Anchor CMS =0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations...
GHSA-7MQ6-CP5M-F4J5 Cross-site Scripting in Anchor CMS
Cross Site Scripting (XSS) vulnerability exists in Anchor CMS =0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations...
CVE-2021-44116
Cross Site Scripting (XSS) vulnerability exists in Anchor CMS =0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations...
Cross site scripting
Cross Site Scripting (XSS) vulnerability exists in Anchor CMS =0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations...