A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager.
Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into modu
A Stored Cross-Site Scripting (XSS) vulnerability exists in SeedDMS 6.0.29. A user or rogue admin with the "Add Category" permission can inject a malicious XSS payload into the category name field. Wh
A stored cross-site scripting (XSS) vulnerability exists in SeedDMS 6.0.32. This vulnerability allows an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as
A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature.
An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file.
A vulnerability classified as problematic has been found in SourceCodester Zipped Folder Manager App 1.0. This affects an unknown part of the file /endpoint/add-folder.php. The manipulation of the arg
Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vulnerability in the template import functionality that allows remote attackers to execute arbitrary co
ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a
A vulnerability was found in SourceCodester Food Ordering Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipula
Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manager.
A flaw has been found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_leads.php of the component Leads Generation Module. Executing manipulation
An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary co
A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. This issue affects some unknown processing of the file /dashboard/admin/over_month.php. The man
A vulnerability was found in ZZCMS up to 2023. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/msg.php. The manipulation of the argument keywo
A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of t
An arbitrary file upload vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via uploading a crafted PHP file.
A vulnerability, which was classified as problematic, was found in lmxcms 1.41. Affected is an unknown function of the file db.inc.php of the component Maintenance. The manipulation leads to code inje
A reflected cross-site scripting (XSS) vulnerability in the component /index.php/cuzh4 of PHP Inventory Management System 1 allows attackers to execute arbitrary web scripts or HTML via a crafted payl
A security vulnerability has been detected in itsourcecode Directory Management System 1.0. The affected element is an unknown function of the file /admin/index.php. The manipulation of the argument U
Page 1+ Next →