Bigace 3.0: Code Execution
Bigace 3.0 allows media files to be uploaded without any verification, so editors and administrators can upload PHP files.
There are multiple XSS vulnerabilities in DYNPG 4.6.
DYNPG 4.6 does not have CSRF protection, allowing an attacker to perform actions on behalf of a victim, for example adding a new admin user. In this case, this may lead to code execution by allowing the upload of PHP files.
There is a reflected XSS vulnerability in Wolf CMS v0.8.3.1.
There is a code execution vulnerability in Wolf CMS v0.8.3.1. A user account with the Editor role is required.
There are multiple XSS vulnerabilities in Xoops 2.5.7.1.
There is a Blind SQL Injection vulnerability in Xoops 2.5.7.1. An admin account is required to exploit this issue.
There is a code execution vulnerability in Xoops 2.5.7.1. An admin account is required to exploit this issue, but the request is not protected against CSRF.
PhpSocial v2.0.0304 is vulnerable to persistent XSS.
PhpSocial v2.0.0304 does not have CSRF protection, allowing an attacker to perform actions on behalf of a victim, for example adding a new admin user.