Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2022-28525: There is a file upload vulnerability here: /admin/users.php?source=edit_user&id=1 · Issue #5 · chilin89117/ED01-CMS

ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edit_user&id=1.

CVE
Open in Source
#vulnerability#git#php#rce
CVE-2022-28524: There is a SQL injection vulnerability here: /post.php · Issue #4 · chilin89117/ED01-CMS

ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.php.

CVE-2022-28918: There is an arbitrary file deletion vulnerability here: /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name= · Issue #116 · GreenCMS/GreenCMS

GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=.

CVE-2022-28527: There is an arbitrary folder deletion vulnerability here:/admin.php?r=admin/AdminBackup/del · Issue #5 · ShaoGongBra/dhcms

dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del.

CVE-2022-28522: There is a stored xss vulnerability here: /index.php?m=home&c=message&a=add · Issue #5 · jorycn/thinkphp-zcms

ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add.

CVE-2022-28528: There is a file upload vulnerability here: /admin/index.php?mode=content&page=media&action=edit · Issue #14 · alexlang24/bloofoxCMS

bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit.

CVE-2022-28521: bug_report/zcms:php file inclusion at main · zhendezuile/bug_report

ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=sp_set_config.

CVE-2021-36895: WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto

Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's Tripetto plugin <= 5.1.4 on WordPress via SVG image upload.

CVE-2022-27985: SQL injection vulnerability exists in CuppaCMS /administrator/alerts/alertLightbox.php · Issue #31 · CuppaCMS/CuppaCMS

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php.