27 matches found
EUVD-2021-24040
Malware in sbrugna...
CVE-2024-25301
Redaxo v5.15.1 was discovered to contain a remote code execution RCE vulnerability via the component /pages/templates.php...
CVE-2024-25301
Redaxo v5.15.1 was discovered to contain a remote code execution RCE vulnerability via the component /pages/templates.php...
Remote code execution
Redaxo v5.15.1 was discovered to contain a remote code execution RCE vulnerability via the component /pages/templates.php...
CVE-2024-25301
CVE-2024-25301 affects Redaxo v5.15.1, with a remote code execution (RCE) vulnerability exposed via the component "/pages/templates.php". Multiple connected sources corroborate the same issue and version. The exact root cause is not fully detailed in the provided documents, but the vulnerability ...
CVE-2024-25301
Redaxo v5.15.1 was discovered to contain a remote code execution RCE vulnerability via the component /pages/templates.php...
Navigate CMS sql injection vulnerability (CNVD-2021-57420)
Navigate CMS is a powerful and intuitive content management system. A sql injection vulnerability exists in the template-properties-order parameter in templates.php in Navigate CMS 2.9.4 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary sql queries in the backe...
CVE-2021-37475
In NavigateCMS version 2.9.4 and below, function in templates.php is vulnerable to sql injection on parameter template-properties-order, which results in arbitrary sql query execution in the backend database...
CVE-2021-37475
In NavigateCMS version 2.9.4 and below, function in templates.php is vulnerable to sql injection on parameter template-properties-order, which results in arbitrary sql query execution in the backend database...
CVE-2020-10431
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-templates.php by adding a question mark ? followed by the payload...
Cross site scripting
Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-templates.php by adding a question mark ? followed by the payload...
CVE-2020-10492
The CVE affects Chadha PHPKB Standard Multi-Language version 9. The vulnerability is a CSRF weakness exploitable via requests to the admin/manage-templates.php endpoint, enabling an attacker to delete an article template. The root cause is insufficient CSRF protection on that endpoint, allowing u...
CVE-2020-10472
Summary: CVE-2020-10472 is a reflected XSS vulnerability in Chadha PHPKB Standard Multi-Language 9, specifically in the admin/manage-templates.php page where the GET parameter “sort” can be tainted to inject arbitrary scripts. The affected component is the web application’s template management in...
CVE-2020-10431
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-templates.php by adding a question mark ? followed by the payload...
PT-2019-14772 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 9.0.5 Description: The issue concerns a stored XSS in the Email Template section, specifically affecting the mails templates.php file. This allows a user, regardless of their privileges, to inject scripts that can attack the...
LimeSurvey ‘/admin/templates.php’脚本任意文件上传漏洞
LimeSurvey(前称PHPSurveyor)是LimeSurvey团队开发的一套开源的在线问卷调查程序,它支持调查程序开发、调查问卷发布以及数据收集等功能。 LimeSurvey中存在任意文件上传漏洞,该漏洞源于程序没有成充分过滤用户提交的输入。攻击者可利用该漏洞上传任意文件到受影响计算机,导致在受影响应用程序上下文中执行任意代码。 0 LimeSurvey 目前厂商还没有提供此漏洞的相关补丁或者升级程序,建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.limesurvey.org/...
4Images 1.7.6 Cross Site Request Forgery
!/usr/bin/perl Title : 4images 1.7.6 9 Csrf inject php code Author : Or4nG.M4n Version : 1.7.6 9 Homepage : http://www.4homepages.de/ Dork : "Powered by 4images" video : http://youtu.be/NYFzC9hH54 Thnks+----------------------------------+ | xSs m4n i-Hmx h311c0d3 |.sp. abo.B4sil | HcJ Cyb3r...
4Images 1.7.6-9 - Cross-Site Request Forgery / PHP Code Injection
!/usr/bin/perl Title : 4images 1.7.6 9 Csrf inject php code Author : Or4nG.M4n Version : 1.7.6 9 Homepage : http://www.4homepages.de/ Dork : "Powered by 4images" video : http://youtu.be/NYFzC9hH54 Thnks+----------------------------------+ | xSs m4n i-Hmx h311c0d3 |.sp. abo.B4sil | HcJ Cyb3r...
Directory traversal
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. dot dot in 1 the page parameter to certain PHP scripts under wp-admin/ or 2 the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path...