Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
admin vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2022-1814
The WP Admin Style WordPress plugin up to and including 0.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed
Wp Admin Style Project Wp Admin Style
6.8
CVSSv2
CVE-2022-29450
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress.
Admin Management Xtended Project Admin Management Xtended
4.3
CVSSv2
CVE-2022-1599
The Admin Management Xtended WordPress plugin prior to 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing malicious users to make a logged users with the right capabilities to call them. This can lead to changes in post status (draft, published), slug, post dat...
Admin Management Xtended Project Admin Management Xtended
3.5
CVSSv2
CVE-2017-12882
Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin prior to 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality.
Spring Batch Admin Project Spring Batch Admin
6.8
CVSSv2
CVE-2008-4454
Directory traversal vulnerability in EKINdesigns MySQL Quick Admin 1.5.5 allows remote malicious users to read and execute arbitrary files via a .. (dot dot) in the lang parameter to actions.php. NOTE: the provenance of this information is unknown; the details are obtained solely...
Mysql Quick Admin Mysql Quick Admin 1.5.5
2 EDB exploits
7.5
CVSSv2
CVE-2021-44219
Gin-Vue-Admin prior to 2.4.6 mishandles a SQL database.
Gin-vue-admin Project Gin-vue-admin
5
CVSSv2
CVE-2022-24843
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin 2.50 has arbitrary file read vulnerability due to a lack of parameter validation. This has been resolved in version 2.5.1. There are no known w...
Gin-vue-admin Project Gin-vue-admin
6.5
CVSSv2
CVE-2022-24844
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sys_auto_code_pgsql.go, which means that PostgreSQL must be used as the database for this v...
Gin-vue-admin Project Gin-vue-admin
NA
CVE-2022-32176
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" functionality to the Media Library. When an admin user views the uploaded file, a low privi...
Gin-vue-admin Project Gin-vue-admin
6.8
CVSSv2
CVE-2008-4455
Directory traversal vulnerability in index.php in EKINdesigns MySQL Quick Admin 1.5.5 and previous versions, when magic_quotes_gpc is disabled, allows remote malicious users to read and execute arbitrary files via a .. (dot dot) in the language cookie.
Mysql Quick Admin Mysql Quick Admin 1.5.5
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »