28 matches found
EUVD-2020-15802
Malware in sbrugna...
EUVD-2019-7775
Malware in sbrugna...
EUVD-2020-10953
Malware in sbrugna...
EUVD-2024-44198
Malicious code in bioql PyPI...
CVE-2020-23046
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the filename, mid, userid, and templet parameters...
CVE-2025-4545 CTCMS Content Management System File Tpl.php del path traversal
A vulnerability was found in CTCMS Content Management System 2.1.2. It has been classified as critical. Affected is the function del of the file ctcms\apps\controllers\admin\Tpl.php of the component File Handler. The manipulation of the argument File leads to path traversal. It is possible to...
CVE-2024-4587 DedeCMS tpl.php cross-site request forgery
A vulnerability was found in DedeCMS 5.7 and classified as problematic. This issue affects some unknown processing of the file /src/dede/tpl.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be use...
Dolibarr sensitive information disclosure
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to .tpl.php files, which allows remote attackers to obtain sensitive information...
CVE-2020-23046
DedeCMS v7.5 SP2 contains multiple cross-site scripting (XSS) vulnerabilities in the tpl.php component, exploitable via the filename, mid, userid, and templet parameters. The CVE records indicate an XSS flaw affecting this release without detailing the exploit vector beyond parameter abuse. The c...
Cross site scripting
Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='...
DedeCMS v7.5 SP2 - Multiple Cross Site Web Vulnerabilities
Document Title: DedeCMS v7.5 SP2 - Multiple Cross Site Web Vulnerabilities. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2194. Release Date: 2020-04-07. Vulnerability Laboratory ID (VL-ID): ...
CVE-2019-17368
CVE-2019-17368 affects S-CMS v1.5 with a reflected/self-XSS in tpl.php via the parameter in member_login.php. The connected Red Hat/Redirection entries confirm the same description. The available sources do not provide exploitation status, affected versions beyond v1.5, or remediation details. Ro...
CVE-2019-17368
S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter...
CVE-2017-17898
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to .tpl.php files, which allows remote attackers to obtain sensitive information...
TalkBack 2.2.7 - Multiple Remote File Inclusion Vulnerabilities
No description provided by source. TalkBack 2.2.7 Remote File Include Vulnerability. Software: TalkBack version 2.2.7. Developer: http://www.scripts.oldguy.us/talkbac...
Bigware Shop 2.0 - pollid SQL Injection
Bigware Shop 2.0 - pollid SQL Injection. Bug found by D4m14n. Vendor: http://www.bigware.de/ Vuln. Version: 2.0, prior versions also may be affected. GoogleDork: "Diese Shopsoftware wurde entwickelt von Bigware". There's a SQL-Injection in...
SA-2008-007 - Drupal core - Cross site scripting (register_globals)
When theme .tpl.php files are accessible via the web and the PHP setting register_globals is set to enabled, anonymous users are able to execute cross site scripting attacks via specially crafted links. Drupal's .htaccess attempts to set register_globals to disabled and also prevents access to...
drupal -- cross site scripting (register_globals)
The Drupal Project reports: When theme .tpl.php files are accessible via the web and the PHP setting register_globals is set to enabled, anonymous users are able to execute cross site scripting attacks via specially crafted links. Drupal's .htaccess attempts to set register_globals to disabled and...