193 matches found
CVE-2025-50859
CVE-2025-50859 affects Easy Hosting Control Panel (EHCP) 20.04.1.b and is a reflected cross-site scripting vulnerability in the Change Template function. An authenticated user can supply a crafted template parameter to trigger arbitrary JavaScript execution, with impact described as partial in so...
CVE-2014-8304
Cross-site scripting XSS vulnerability in In-Portal CMS 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the nexttemplate parameter to admin/index.php...
WordPress plugin Madara 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
Exploit for CVE-2025-4524
CVE-2025-4524 - Unauthenticated madara-core Wordpress theme LF...
SourceCodester Online ID Generator System 安全漏洞
SourceCodester Online ID Generator System is an online identity generator system from SourceCodester open source. A security vulnerability exists in SourceCodester Online ID Generator System version 1.0, which originates from a SQL injection due to incorrect manipulation of the parameter template...
CVE-2024-40073
SourceCodester Online ID Generator System 1.0 is affected by a SQL injection vulnerability in the template parameter of id_generator/admin/?page=generate&template=4. The root cause is improper input handling leading to injection, exposing high-risk impact on confidentiality, integrity, and availa...
WordPress plugin MinimogWP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2025-1661
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 'template' parameter of the wooftextsearch AJAX action. This makes it possible for unauthenticated attackers to include and...
CVE-2025-1661
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 'template' parameter of the wooftextsearch AJAX action. This makes it possible for unauthenticated attackers to include and...
CVE-2025-26520
Cacti through 1.2.29 allows SQL injection in the template function in hosttemplates.php via the graphtemplate parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146...
DEBIAN-CVE-2024-54146
Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the template function of hosttemplates.php using the graphtemplate parameter. This vulnerability is fixed in 1.2.29...
UBUNTU-CVE-2024-54146
Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the template function of hosttemplates.php using the graphtemplate parameter. This vulnerability is fixed in 1.2.29...
Cacti SQL注入漏洞
Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. Cacti suffers from a SQL injection vulnerability that stems from improper...
PluXml 安全漏洞
PluXml is a free open source content management system from PluXml Open Source that does not require a database to work. A security vulnerability exists in PluXml version v5.8.16 and earlier versions, which stems from a Remote Code Execution RCE vulnerability in the...
CVE-2024-6459
The News Element Elementor Blog Magazine WordPress plugin before 1.0.6 is vulnerable to Local File Inclusion via the template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files...
The vulnerability of the ssvpn_config_mod function in the /vpn/list_ip_network.php web interface of the Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 router integrated software allows a malicious actor to execute arbitrary commands.
The vulnerability of the ssvpnconfigmod function in the /vpn/listipnetwork.php web interface of the Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 router integrated software is related to the failure to eliminate special elements used in commands when processing parameters like template and...
Raisecom MSG1200、Raisecom MSG2100E、Raisecom MSG2200和Raisecom MSG2300 操作系统命令注入漏洞
The Raisecom MSG1200 and others are a Gigabit Converged Gateway from Raisecom China. An OS command injection vulnerability exists in the Raisecom MSG1200, Raisecom MSG2100E, Raisecom MSG2200, and Raisecom MSG2300 version 3.90, which originates from the parameter template/ in file...
Raisecom MSG1200、Raisecom MSG2100E、Raisecom MSG2200和Raisecom MSG2300 安全漏洞
The Raisecom MSG1200 and others are a Gigabit converged gateway from Raisecom China. A security vulnerability exists in the Raisecom MSG1200, Raisecom MSG2100E, Raisecom MSG2200, and Raisecom MSG2300 version 3.90, which originates from the parameter template/stylenum in the file...
PT-2024-5851
Name of the Vulnerable Software and Affected Versions Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 version 3.90 Description A critical vulnerability was found in the Web Interface component of Raisecom devices, specifically in the file list base config.php. The manipulation of the template...
JFinalCMS 跨站脚本漏洞
JFinalCMS is a content management system by heyewei personal developer. A cross-site scripting vulnerability exists in JFinalCMS version 20240111 and earlier, which stems from a cross-site scripting XSS vulnerability in the directory parameter of file /admin/template...