admin vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-4737
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hedef Tracking Admin Panel allows SQL Injection. This issue affects Admin Panel: prior to 1.2.
Hedeftakip Admin Portal
NA
CVE-2007-6232
Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote malicious users to inject arbitrary web script or HTML via the error parameter in an error page action.
Ftp Admin 0.1.0
2 EDB exploits
7.2
CVSSv3
CVE-2021-35450
A Server Side Template Injection in the Entando Admin Console 6.3.9 and before allows a user with privileges to execute FreeMarker template with command execution via freemarker.template.utility.Execute
Entando Admin Console
7.2
CVSSv3
CVE-2021-29439
The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission `admin.login` can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary...
Getgrav Grav Admin
NA
CVE-2012-1631
Cross-site request forgery (CSRF) vulnerability in the Admin:hover module for Drupal allows remote malicious users to hijack the authentication of administrators for requests that unpublish all nodes, and possibly other actions, via unspecified vectors.
Databasepublish Admin Hover
8.8
CVSSv3
CVE-2018-20971
The church-admin plugin prior to 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan.
Churchadminplugin Church Admin
5.4
CVSSv3
CVE-2021-24365
The Admin Columns WordPress plugin Free prior to 4.3.2 and Pro prior to 5.5.2 allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbitrary database column to display in the table. There was no escapin...
Admincolumns Admin Columns
5.4
CVSSv3
CVE-2021-24366
The Admin Columns WordPress plugin prior to 4.3 and Admin Columns Pro WordPress plugin prior to 5.5.1 do not sanitise and escape its Label settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html c...
Admincolumns Admin Columns
7.8
CVSSv3
CVE-2013-5582
Ammyy Admin 3.2 and previous versions stores the client ID at a fixed memory location, which might make it easier for user-assisted remote malicious users to bypass authentication by running a local program that extracts a field from the AA_v3.2.exe file.
Ammyy Ammyy Admin
1 EDB exploit
6.1
CVSSv3
CVE-2022-0626
The Advanced Admin Search WordPress plugin prior to 1.1.6 does not sanitize and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting.
Kuroit Advanced Admin Search