Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
admin vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2022-24844
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sys_auto_code_pgsql.go, which means that PostgreSQL must be used as the database for this v...
Gin-vue-admin Project Gin-vue-admin
NA
CVE-2023-24007
Cross-Site Request Forgery (CSRF) vulnerability in TheOnlineHero - Tom Skroza Admin Block Country plugin <= 7.1.4 versions.
Admin Block Country Project Admin Block Country
516
VMScore
CVE-2021-25111
The English WordPress Admin WordPress plugin prior to 1.5.2 does not validate the admin_custom_language_return_url before redirecting users o it, leading to an open redirect issue
English Wordpress Admin Project English Wordpress Admin
NA
CVE-2022-32176
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" functionality to the Media Library. When an admin user views the uploaded file, a low privi...
Gin-vue-admin Project Gin-vue-admin
690
VMScore
CVE-2008-4454
Directory traversal vulnerability in EKINdesigns MySQL Quick Admin 1.5.5 allows remote malicious users to read and execute arbitrary files via a .. (dot dot) in the lang parameter to actions.php. NOTE: the provenance of this information is unknown; the details are obtained solely...
Mysql Quick Admin Mysql Quick Admin 1.5.5
2 EDB exploits
685
VMScore
CVE-2008-4455
Directory traversal vulnerability in index.php in EKINdesigns MySQL Quick Admin 1.5.5 and previous versions, when magic_quotes_gpc is disabled, allows remote malicious users to read and execute arbitrary files via a .. (dot dot) in the language cookie.
Mysql Quick Admin Mysql Quick Admin 1.5.5
1 EDB exploit
356
VMScore
CVE-2015-9390
The admin-management-xtended plugin prior to 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled.
Admin Management Xtended Project Admin Management Xtended
383
VMScore
CVE-2016-1000126
Reflected XSS in wordpress plugin admin-font-editor v1.8
Admin-font-editor Project Admin-font-editor
605
VMScore
CVE-2017-12881
Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin prior to 1.3.0 allows remote malicious users to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability.
Spring Batch Admin Project Spring Batch Admin
668
VMScore
CVE-2021-44219
Gin-Vue-Admin prior to 2.4.6 mishandles a SQL database.
Gin-vue-admin Project Gin-vue-admin
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »