Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
admin vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-24316
WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL.
Admin Menu Project Admin Menu
6.1
CVSSv3
CVE-2019-17606
The Post editor functionality in the hexo-admin plugin versions 2.3.0 and previous versions for Node.js is vulnerable to stored XSS via the content of a post.
Hexo-admin Project Hexo-admin
4.8
CVSSv3
CVE-2019-17433
z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen.
Laravel-admin Laravel-admin 1.7.3
9.8
CVSSv3
CVE-2022-27342
Link-Admin v0.0.1 exists to contain a SQL injection vulnerability via DictRest.ResponseResult().
Link-admin Project Link-admin 0.0.1
7.5
CVSSv3
CVE-2021-46371
antd-admin 5.5.0 is affected by an incorrect access control vulnerability. Unauthorized access to some interfaces in the foreground leads to leakage of sensitive information.
Antd-admin Project Antd-admin 5.5.0
9.8
CVSSv3
CVE-2023-43270
dst-admin v1.5.0 exists to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate.
Dst-admin Project Dst-admin 1.5.0
7.5
CVSSv3
CVE-2023-0646
A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit ha...
Dst-admin Project Dst-admin 1.5.0
7.5
CVSSv3
CVE-2023-0647
A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The ex...
Dst-admin Project Dst-admin 1.5.0
7.5
CVSSv3
CVE-2023-0648
A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been...
Dst-admin Project Dst-admin 1.5.0
7.5
CVSSv3
CVE-2023-0649
A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been d...
Dst-admin Project Dst-admin 1.5.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »