Show filters
113 Total Results
Displaying 61-70 of 113
Sort by:
Attacker Value
Unknown
CVE-2018-18488
Disclosure Date: October 18, 2018 (last updated November 27, 2024)
In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] parameter.
0
Attacker Value
Unknown
CVE-2018-18422
Disclosure Date: October 17, 2018 (last updated November 27, 2024)
UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/a_adminx.php?x=a URI.
0
Attacker Value
Unknown
CVE-2018-17361
Disclosure Date: September 23, 2018 (last updated November 27, 2024)
Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled.
0
Attacker Value
Unknown
CVE-2018-17070
Disclosure Date: September 15, 2018 (last updated November 27, 2024)
An issue was discovered in UNL-CMS 7.59. A CSRF attack can update the website settings via ?q=admin%2Fconfig%2Fsystem%2Fsite-information&render=overlay&render=overlay.
0
Attacker Value
Unknown
CVE-2018-17069
Disclosure Date: September 15, 2018 (last updated November 27, 2024)
An issue was discovered in UNL-CMS 7.59. A CSRF attack can create new content via ?q=node%2Fadd%2Farticle&render=overlay&render=overlay.
0
Attacker Value
Unknown
CVE-2018-16655
Disclosure Date: September 07, 2018 (last updated November 27, 2024)
Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php.
0
Attacker Value
Unknown
CVE-2018-16437
Disclosure Date: September 05, 2018 (last updated November 27, 2024)
Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable by an administrator.
0
Attacker Value
Unknown
CVE-2018-16436
Disclosure Date: September 05, 2018 (last updated November 27, 2024)
Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an administrator.
0
Attacker Value
Unknown
CVE-2018-16352
Disclosure Date: September 02, 2018 (last updated November 27, 2024)
There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used.
0
Attacker Value
Unknown
CVE-2018-15177
Disclosure Date: August 08, 2018 (last updated November 27, 2024)
In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account.
0
