190 matches found
rConfig <3.9.4 - Sensitive Information Disclosure
rConfig prior to version 3.9.4 is susceptible to sensitive information disclosure. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application does not exit after a redirect is applied, the rest of the page still executes,...
PT-2025-49553
Name of the Vulnerable Software and Affected Versions: Simple Shopping Cart version 1.0 Description: A flaw exists in Simple Shopping Cart 1.0 that allows for SQL injection. The issue is located in the /Customers/settings.php file, specifically when manipulating the user id argument. Remote...
EUVD-2011-5049
Malware in sbrugna...
EUVD-2007-5568
Malware in sbrugna...
EUVD-2008-5411
Malware in sbrugna...
EUVD-2012-5548
Malware in sbrugna...
EUVD-2021-15097
Malware in sbrugna...
EUVD-2022-38920
Malicious code in bioql PyPI...
PT-2025-23277 · WordPress · Simple Page Access Restriction
Name of the Vulnerable Software and Affected Versions: The Simple Page Access Restriction plugin for WordPress versions up to, and including, 1.0.31 Description: The issue is due to missing nonce validation and capability checks in the settings save handler in the settings.php script. This allows...
CVE-2022-3464
A vulnerability classified as problematic has been found in puppyCMS up to 5.1. This affects an unknown part of the file /admin/settings.php. The manipulation of the argument sitename leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this...
CVE-2024-46506
NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php...
CVE-2024-8566 code-projects Online Shop Store settings.php cross site scripting
A vulnerability classified as problematic was found in code-projects Online Shop Store 1.0. This vulnerability affects unknown code of the file /settings.php. The manipulation of the argument error leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed...
CVE-2024-41347
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/settings.php...
CVE-2024-41347
The CVE-2024-41347 entry concerns openflights with an XSS vulnerability in php/settings.php, identified in commit 5234b5b. The vulnerability is described as Cross-Site Scripting via php/settings.php, affecting the openflights project (commit 5234b5b). The available data indicate a Medium CVSS v3....
BIT-SEOPANEL-2021-28418
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter...
CVE-2024-2149
A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file settings.php. The manipulation of the argument currency leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed ...
SQL injection
A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file settings.php. The manipulation of the argument currency leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed ...