Show filters
570 Total Results
Displaying 61-70 of 570
Sort by:
Attacker Value
Unknown
CVE-2023-43270
Disclosure Date: September 22, 2023 (last updated February 25, 2025)
dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate.
0
Attacker Value
Unknown
CVE-2023-5002
Disclosure Date: September 22, 2023 (last updated February 25, 2025)
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.
0
Attacker Value
Unknown
CVE-2023-40619
Disclosure Date: September 20, 2023 (last updated February 25, 2025)
phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized.
0
Attacker Value
Unknown
CVE-2023-4060
Disclosure Date: September 11, 2023 (last updated October 08, 2023)
The WP Adminify WordPress plugin before 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
0
Attacker Value
Unknown
CVE-2023-30782
Disclosure Date: August 16, 2023 (last updated February 25, 2025)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.5 versions.
0
Attacker Value
Unknown
CVE-2021-29378
Disclosure Date: August 11, 2023 (last updated February 25, 2025)
SQL Injection in pear-admin-think version 2.1.2, allows attackers to execute arbitrary code and escalate privileges via crafted GET request to Crud.php.
0
Attacker Value
Unknown
CVE-2023-37889
Disclosure Date: July 18, 2023 (last updated February 25, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in WPAdmin WPAdmin AWS CDN plugin <= 2.0.13 versions.
0
Attacker Value
Unknown
CVE-2023-27225
Disclosure Date: July 06, 2023 (last updated February 25, 2025)
A cross-site scripting (XSS) vulnerability in User Registration & Login and User Management System with Admin Panel v3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the first and last name field.
0
Attacker Value
Unknown
CVE-2023-34648
Disclosure Date: June 29, 2023 (last updated February 25, 2025)
A Cross Site Scripting vulnerability in PHPgurukl User Registration Login and User Management System with admin panel v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the signup.php.
0
Attacker Value
Unknown
CVE-2023-34021
Disclosure Date: June 23, 2023 (last updated February 25, 2025)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.29 versions.
0
