Vulmon
admin vulnerabilities and exploits
383
VMScore
CVE-2021-24784
The WP Admin Logo Changer WordPress plugin up to and including 1.0 does not have a CSRF check when saving its settings, which could allow malicious users to make a logged-in admin update them via a CSRF attack.
Wp Admin Logo Changer Project Wp Admin Logo Changer
668
VMScore
CVE-2022-1390
The Admin Word Count Column WordPress plugin up to and including 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated malicious users to read arbitrary files on a server running an old version of PHP susceptible to the null byte technique. Th...
Admin Word Count Column Project Admin Word Count Column
445
VMScore
CVE-2022-1589
The Change wp-admin login WordPress plugin prior to 1.1.0 does not properly check for authorisation and is also missing a CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attack could also be performed via a CSRF vector.
Change Wp-admin Login Project Change Wp-admin Login
NA
CVE-2022-3824
The WP Admin UI Customize WordPress plugin prior to 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...
Wp Admin Ui Customize Project Wp Admin Ui Customize
NA
CVE-2022-46166
Spring Boot Admin is an open source administrative user interface for management of Spring Boot applications. All users who run Spring Boot Admin Server, having enabled Notifiers (e.g. Teams-Notifier) and write access to environment variables via UI are affected. Users are advis...
Codecentric Spring Boot Admin 3.0.0
Codecentric Spring Boot Admin
383
VMScore
CVE-2022-1594
The HC Custom WP-Admin URL WordPress plugin up to and including 1.4 does not have a CSRF check in place when updating its settings, which could allow malicious users to make a logged-in admin change them via a CSRF attack, allowing them to change the login URL.
Hc Custom Wp-admin Url Project Hc Custom Wp-admin Url
605
VMScore
CVE-2018-1000025
Jerome Gamez Firebase Admin SDK for PHP versions 3.2.0 to 3.8.0 contain an Incorrect Access Control vulnerability: src/Firebase/Auth/IdTokenVerifier.php does not verify the token signature, so a JWT with any email address and user ID could be forged from an act...
Firebase Admin Sdk For Php Project Firebase Admin Sdk For Php
312
VMScore
CVE-2022-28102
A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php.
Php Mysql Admin Panel Generator Project Php Mysql Admin Panel Generator -
1 Github repository
447
VMScore
CVE-2022-1595
The HC Custom WP-Admin URL WordPress plugin up to and including 1.4 leaks the secret login URL when sent a specific crafted request.
Hc Custom Wp-admin Url Project Hc Custom Wp-admin Url
668
VMScore
CVE-2000-0707
PCCS MySQLDatabase Admin Tool Manager 1.2.4 and previous versions installs the file dbconnect.inc within the web root, which allows remote malicious users to obtain sensitive information such as the administrative password.
Pccs-linux Mysqldatabase Admin Tool 1.2.3
Pccs-linux Mysqldatabase Admin Tool 1.2.4