EUVD-2020-10111

Malware in sbrugna...

CVE-2022-41544

GetSimple CMS v3.3.16 was discovered to contain a remote code execution RCE vulnerability via the editedfile parameter in admin/theme-edit.php...

PT-2023-32557 · Unknown · Getsimple Cms

Name of the Vulnerable Software and Affected Versions: GetSimpleCMS versions 3.3.16 through 3.4.0a Description: A critical issue affects the processing of the file /admin/theme-edit.php, leading to code injection. The attack can be initiated remotely. Recommendations: For versions 3.3.16 through...

CVE-2022-4601

A vulnerability was found in Shoplazza LifeStyle 1.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/api/theme-edit/ of the component Shipping/Member Discount/Icon. The manipulation leads to cross site scripting. The attack can be initiated remotel...

CVE-2022-4598

A vulnerability has been found in Shoplazza LifeStyle 1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/api/theme-edit/ of the component Announcement Handler. The manipulation of the argument Text/Mobile Text leads to cross site...

CVE-2022-4599

A vulnerability was found in Shoplazza LifeStyle 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/api/theme-edit/ of the component Product Handler. The manipulation of the argument Subheading/Heading/Text/Button Text/Label leads to cross...

CVE-2022-4602

A vulnerability was found in Shoplazza LifeStyle 1.1. It has been rated as problematic. This issue affects some unknown processing of the file /admin/api/theme-edit/ of the component Review Flow Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be...

Cross site scripting

A vulnerability was found in Shoplazza LifeStyle 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/api/theme-edit/ of the component Product Handler. The manipulation of the argument Subheading/Heading/Text/Button Text/Label leads to cross...

PT-2022-27715 · Shoplazza · Shoplazza Lifestyle

Name of the Vulnerable Software and Affected Versions: Shoplazza LifeStyle version 1.1 Description: A vulnerability was found in the Product Carousel Handler component, affecting an unknown part of the file /admin/api/theme-edit/. The manipulation of the Heading/Description argument leads to...

GetSimple CMS 安全漏洞

GetSimple CMS is a content management system CMS written in PHP. A security vulnerability exists in GetSimple CMS version v3.3.16, which was discovered to contain a remote code execution RCE vulnerability via the editedfile parameter in admin/theme-edit.php...

CVE-2022-36068

Discourse vulnerability CVE-2022-36068 affects versions prior to 2.8.9 (stable) and prior to 2.9.0.beta10 (beta/tests-passed). A moderator could create new themes and edit existing themes via the API when not allowed. Patch is available in 2.8.9 (stable) and 2.9.0.beta10 (beta/tests-passed). Ther...

CVE-2020-18184

In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametresedittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template...

Code injection

In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametresedittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template...

CVE-2020-18184

In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametresedittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template...

UBUNTU-CVE-2020-18184

In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametresedittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template...

CVE-2020-18184

Removed by vendor...

CVE-2020-18184

In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametresedittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template...

CVE-2019-16333

GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting XSS in admin/theme-edit.php...

Cross site scripting

GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting XSS in admin/theme-edit.php...

CVE-2019-9652

There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter...