163 matches found
CVE-2025-15394 iCMS POST Parameter ConfigAdmincp.php save code injection
A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code injection. The attack can be launched remotely. The exploit is now public and m...
CVE-2025-15394 iCMS POST Parameter ConfigAdmincp.php save code injection
A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code injection. The attack can be launched remotely. The exploit is now public and m...
CVE-2025-15394
CVE-2025-15394 affects iCMS up to version 8.0.0. The vulnerability resides in the Save function of app/config/ConfigAdmincp.php (POST Parameter Handler). Manipulating the config argument results in code injection. The issue can be exploited remotely, and public exploit code is available. Multiple...
CVE-2025-15393 Kohana KodiCMS Layout API Endpoint file.php save code injection
A security vulnerability has been detected in Kohana KodiCMS up to 13.82.135. This impacts the function Save of the file cms/modules/kodicms/classes/kodicms/model/file.php of the component Layout API Endpoint. The manipulation of the argument content leads to code injection. The attack can be...
CVE-2025-14729
A vulnerability was identified in CTCMS Content Management System up to 2.1.2. The affected element is the function Save of the file /ctcms/libs/CtApp.php of the component Backend App Configuration Module. The manipulation of the argument CTAppPaytype leads to code injection. Remote exploitation ...
CVE-2025-14729
A vulnerability was identified in CTCMS Content Management System up to 2.1.2. The affected element is the function Save of the file /ctcms/libs/CtApp.php of the component Backend App Configuration Module. The manipulation of the argument CTAppPaytype leads to code injection. Remote exploitation ...
CVE-2025-14729 CTCMS Content Management System Backend App Configuration Ct_App.php save code injection
A vulnerability was identified in CTCMS Content Management System up to 2.1.2. The affected element is the function Save of the file /ctcms/libs/CtApp.php of the component Backend App Configuration Module. The manipulation of the argument CTAppPaytype leads to code injection. Remote exploitation ...
CVE-2025-14729 CTCMS Content Management System Backend App Configuration Ct_App.php save code injection
A vulnerability was identified in CTCMS Content Management System up to 2.1.2. The affected element is the function Save of the file /ctcms/libs/CtApp.php of the component Backend App Configuration Module. The manipulation of the argument CTAppPaytype leads to code injection. Remote exploitation ...
CVE-2025-14729
CVE-2025-14729 affects CTCMS Content Management System up to version 2.1.2. The vulnerability resides in the Save function of /ctcms/libs/Ct_App.php, in the Backend App Configuration Module, where manipulating the CT_App_Paytype argument enables code injection. Remote exploitation is possible and...
PT-2025-51319
Name of the Vulnerable Software and Affected Versions CTCMS Content Management System versions up to 2.1.2 Description A code injection issue exists in CTCMS Content Management System. The issue is located in the Save function within the /ctcms/libs/Ct App.php file of the Backend App Configuratio...
CTCMS 代码注入漏洞
CTCMS Chibi CMS is a video content management system from China Chibi CMS CTCMS company. A code injection vulnerability exists in CTCMS 2.1.2 and earlier versions, which originates from improper handling of the parameter CTAppPaytype in the Save function in the file /ctcms/libs/CtApp.php, which m...
PT-2025-49185
The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.2. This is due to missing or incorrect nonce validation on the Xcloner Remote Storage:save function. This makes it possible for...
EUVD-2025-60954
The WP Custom Admin Login Page Logo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.8.4. This is due to missing or incorrect nonce validation on the wpclplsave functionality. This makes it possible for unauthenticated attackers to modify...
CVE-2025-12527
CVE-2025-12527 affects the WordPress plugin Page & Post Notes. A missing capability check in yydev_notes_save_dashboard_data allows authenticated users with Subscriber+ privileges to modify notes in all versions up to 1.3.4. Wordfence and PTSecurity indicate the issue is fixed in a later release ...
EUVD-2008-3206
Malware in sbrugna...
CVE-2025-11289
A vulnerability was determined in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The impacted element is the function Save of the file src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java of the component Template Management Page. This manipulation causes cro...
CVE-2025-11289
A vulnerability was determined in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The impacted element is the function Save of the file src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java of the component Template Management Page. This manipulation causes cro...
CVE-2025-11289 westboy CicadasCMS Template Management TemplateFileServiceImpl.java save cross site scripting
A vulnerability was determined in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The impacted element is the function Save of the file src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java of the component Template Management Page. This manipulation causes cro...
CVE-2025-11289 westboy CicadasCMS Template Management TemplateFileServiceImpl.java save cross site scripting
A vulnerability was determined in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The impacted element is the function Save of the file src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java of the component Template Management Page. This manipulation causes cro...
CVE-2025-11289
CVE-2025-11289 affects westboy CicadasCMS, specifically the Save function in TemplateFileServiceImpl.java (Template Management Page). The vulnerability enables cross-site scripting and can be triggered remotely. Public disclosures exist for the exploit. Connected documents indicate remediation by...