#php

File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function.

Cross Site Request Forgery vulnerability in ZZCMS v.2023 alows a remote attacker to gain privileges via the add function in adminlist.php.

Anuranan SBAdmin version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

XEL CMS version 1.1 suffers from a cross site request forgery vulnerability.

Inout Search Engine AI Edition version 1.1 suffers from a cross site scripting vulnerability.

Strawberry version 1.1.9 suffers from a cross site scripting vulnerability.

Rest-Cafe and Restaurant Website CMS version 2.0.0 suffers from a cross site scripting vulnerability.

phpFK version 9.2 Beta suffers from cross site scripting and remote SQL injection vulnerabilities.

ArabInfotech CMS version 2.0.1 suffers from a cross site scripting vulnerability.

AngularJS Filemanager version 1.5.1 suffers from a remote shell upload vulnerability.