27 matches found
EUVD-2021-24040
Malware in sbrugna...
CVE-2024-25301
Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php...
CVE-2024-25301
Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php...
Remote code execution
Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php...
CVE-2024-25301
Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php...
CVE-2024-25301
CVE-2024-25301 affects Redaxo v5.15.1, with a remote code execution (RCE) vulnerability exposed via the component "/pages/templates.php". Multiple connected sources corroborate the same issue and version. The exact root cause is not fully detailed in the provided documents, but the vulnerability ...
Navigate CMS SQL injection vulnerability (CNVD-2021-57420)
Navigate CMS is a powerful and intuitive content management system. A SQL injection vulnerability exists in the template-properties-order parameter in templates.php in Navigate CMS 2.9.4 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary SQL queries in the backe...
CVE-2021-37475
In NavigateCMS version 2.9.4 and below, function in templates.php is vulnerable to SQL injection on parameter template-properties-order, which results in arbitrary SQL query execution in the backend database...
CVE-2021-37475
In NavigateCMS version 2.9.4 and below, function in templates.php is vulnerable to SQL injection on parameter template-properties-order, which results in arbitrary SQL query execution in the backend database...
CVE-2020-10431
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-templates.php by adding a question mark (?) followed by the payload...
Cross site scripting
Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-templates.php by adding a question mark (?) followed by the payload...
CVE-2020-10492
The CVE affects Chadha PHPKB Standard Multi-Language version 9. The vulnerability is a CSRF weakness exploitable via requests to the admin/manage-templates.php endpoint, enabling an attacker to delete an article template. The root cause is insufficient CSRF protection on that endpoint, allowing u...
CVE-2020-10472
Summary: CVE-2020-10472 is a reflected XSS vulnerability in Chadha PHPKB Standard Multi-Language 9, specifically in the admin/manage-templates.php page where the GET parameter “sort” can be tainted to inject arbitrary scripts. The affected component is the web application’s template management in...
CVE-2020-10431
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-templates.php by adding a question mark (?) followed by the payload...
PT-2019-14772 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 9.0.5. Description: The issue concerns a stored XSS in the Email Template section, specifically affecting the mails templates.php file. This allows a user, regardless of their privileges, to inject scripts that can attack the...
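LimeSurvey '/admin/templates.php' script arbitrary file upload vulnerability
LimeSurvey (formerly PHPSurveyor) is an open-source online survey application developed by the LimeSurvey team. It supports survey development, questionnaire publishing, and data collection. An arbitrary file upload vulnerability exists in LimeSurvey because the program does not sufficiently filter user-submitted input. An attacker can exploit this vulnerability to upload arbitrary files to the affected computer, resulting in arbitrary code execution in the context of the affected application. The vendor has not yet provided a patch or upgrade for this vulnerability; users of this software are advised to watch the vendor's homepage for the latest version: http://www.limesurvey.org/...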
4Images 1.7.6-9 - Cross-Site Request Forgery / PHP Code Injection
!/usr/bin/perl Title : 4images 1.7.6 9 Csrf inject php code Author : Or4nG.M4n Version : 1.7.6 9 Homepage : http://www.4homepages.de/ Dork : "Powered by 4images" video : http://youtu.be/NYFzC9hH54 Thnks+----------------------------------+ | xSs m4n i-Hmx h311c0d3 |.sp. abo.B4sil | HcJ Cyb3r...
4Images 1.7.6 Cross Site Request Forgery
!/usr/bin/perl Title : 4images 1.7.6 9 Csrf inject php code Author : Or4nG.M4n Version : 1.7.6 9 Homepage : http://www.4homepages.de/ Dork : "Powered by 4images" video : http://youtu.be/NYFzC9hH54 Thnks+----------------------------------+ | xSs m4n i-Hmx h311c0d3 |.sp. abo.B4sil | HcJ Cyb3r...
Directory traversal
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path...