17 matches found
EUVD-2019-16271
Malware in sbrugna...
PT-2023-12442 · WordPress · Ulisting
Name of the Vulnerable Software and Affected Versions: uListing plugin for WordPress versions up to, and including, 1.6.6 Description: The issue is related to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file. This affects the...
Cross site request forgery (csrf)
Cross Site Request Forgery (CSRF) vulnerability exists in PopojiCMS 2.0.1 in po-admin/route.php?mod=user&act=multidelete...
CVE-2021-28070
CVE-2021-28070 describes a Cross-Site Request Forgery (CSRF) vulnerability in PopojiCMS 2.0.1, specifically in po-admin/route.php?mod=user&act=multidelete. The connected Red Hat, CNVD, CNVD-like and other listings confirm the same issue but do not provide concrete exploit details in these documen...
CVE-2019-18816
po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows post1content= stored XSS...
CVE-2019-9549
An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=user&act=addnew URI, as demonstrated by adding a level=1 account, a similar issue to CVE-2018-18935...
CVE-2019-7580
ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code via the portal/admincategory/addpost.html alias parameter because the mishandling of a single quote character allows data/conf/route.php injection...
CVE-2019-7580
ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code via the portal/admincategory/addpost.html alias parameter because the mishandling of a single quote character allows data/conf/route.php injection...
CVE-2019-6713
app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a file_put_contents call...
CVE-2018-19186
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the route.php paymentMethod parameter...
Code injection
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the route.php paymentMethod parameter...
CVE-2018-19186
CVE-2018-19186 concerns the Amazon PAYFORT payfort-php-SDK (payment gateway SDK) through 2018-04-26, where a cross-site scripting (XSS) flaw exists in the route.php paymentMethod parameter. The vulnerability is evidenced in NVD and corroborated by multiple sources (CNVD/CVE records). Affected com...
CVE-2018-19186
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the route.php paymentMethod parameter...
Cross site request forgery (csrf)
An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=component&act=addnew URI, as demonstrated by adding a level=1 account...
CVE-2018-18935
An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=component&act=addnew URI, as demonstrated by adding a level=1 account...
CVE-2018-18935
An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=component&act=addnew URI, as demonstrated by adding a level=1 account...
forum.tomsk.ru Open Redirect vulnerability
Open Bug Bounty ID: OBB-522712

Description | Value
---|---
Affected Website: | forum.tomsk.ru
Open Bug Bounty Program: | Not created yet
Vulnerable Application: | Custom Code
Vulnerability Type: | Open Redirect / CWE-601
CVSSv3 Score: | 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N

Disclosure...