21 matches found
Mars: ███████ - Publicly Accessible public_html Directory Exposing WordPress Configuration
A publicly accessible directory containing sensitive WordPress configuration files, including database credentials, authentication keys, and API secrets, was discovered. The vulnerability allowed unauthorized access to critical system information through a downloadable zip file. The security team...
CVE-2024-50801
CVE-2024-50801 and CVE-2024-50802 describe SQL Injection in AbanteCart 1.4.0 via the update() function. For CVE-2024-50801, the vulnerability is in public_html/admin/controller/responses/listing_grid/collections.php (id parameter). For CVE-2024-50802, it is in public_html/admin/controller/respons...
CVE-2023-48094
A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim's browser via sending a crafted payload to /containerfiles/public_html/doc/index.html. NOTE: the vendor’s position is that Apps/Sandcastle/standalone.html is part of...
CVE-2023-46492
Cross-site scripting vulnerability in MLDB.ai v.2017.04.17.0 allows a remote attacker to execute arbitrary code via a crafted payload to the public_html/doc/index.html...
MLDB Security Vulnerabilities
MLDB is a machine learning database from MLDB, Inc. A security vulnerability exists in MLDB version v.2017.04.17.0. A remote attacker could exploit the vulnerability to execute arbitrary code via a specially crafted payload to public_html/doc/index.html...
Geeklog router.php cross-site scripting vulnerability
Geeklog is free and open source blogging software. A cross-site scripting vulnerability exists in Geeklog router.php due to incorrect validation of user-supplied input by the public_html/admin/router.php script. An attacker could exploit the vulnerability to steal the victim's cookie-based...
SQL injection
A vulnerability, which was classified as critical, has been found in GGGGGGGG ToN-MasterServer. Affected by this issue is some unknown functionality of the file public_html/ircupdater/svrrequestpub.php. The manipulation leads to SQL injection. The patch is identified as...
CVE-2022-27992
Zoo Management System v1.0 was discovered to contain a SQL injection vulnerability at /public_html/animals via the classid parameter...
PHPGURUKUL Zoo Management System SQL Injection Vulnerability
PHPGURUKUL Zoo Management System is a zoo management system from the PHPGurukul team. PHPGURUKUL Zoo Management System v1.0 is vulnerable to SQL injection, which stems from a lack of filtering in the classid parameter in /public_html/animals, and can be exploited by attackers to execute...
DEBIAN-CVE-2021-20001
It was discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares /public_html, which could result in privilege escalation...
glFusion CMS Authorization Issue Vulnerability
glFusion CMS is a content management and publishing system. glFusion CMS v1.7.9 is vulnerable to an authorization issue, which can be exploited by attackers via /public_html/users.php...
CVE-2021-44949
glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php...
glFusion CMS Access Control Error Vulnerability
glFusion CMS is a content management and publishing system. glFusion CMS v1.7.9 is vulnerable to an access control error, which can be exploited by attackers via /public_html/comment.php...
CVE-2016-4849
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COMgetCurrentURL function in (1) public_html/layout/default/header.thtml, (2) public_html/layout/bento/header.thtml, (3)...
bozotic HTTP server Information Disclosure Vulnerability
This host is running bozotic HTTP server and is prone to an information disclosure vulnerability. OpenVAS Vulnerability Test $Id: gbbozotichttpserverinfodiscvuln.nasl 5263 2017-02-10 13:45:51Z teissa $ bozotic HTTP server Information Disclosure Vulnerability Authors: Sooraj KS Copyright: Copyright c...