Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
admin vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-42980
go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key.
Go-admin Go-admin 2.0.12
6.1
CVSSv3
CVE-2021-28290
A cross-site scripting (XSS) vulnerability in Skoruba IdentityServer4.Admin prior to 2.0.0 via unencoded value passed to the data-secret-value parameter.
Identityserver4.admin Project Identityserver4.admin
8.8
CVSSv3
CVE-2023-23721
Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin Log plugin <= 1.50 versions.
Admin Log Project Admin Log
6.1
CVSSv3
CVE-2020-36190
RailsAdmin (aka rails_admin) prior to 1.4.3 and 2.x prior to 2.0.2 allows XSS via nested forms.
Rails Admin Project Rails Admin
NA
CVE-2007-6233
Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC sh...
Ftp Admin Ftp Admin 0.1.0
1 EDB exploit
NA
CVE-2007-6234
index.php in FTP Admin 0.1.0 allows remote malicious users to bypass authentication and obtain administrative access via a loggedin parameter with a value of true, as demonstrated by adding a user account.
Ftp Admin Ftp Admin 0.1.0
1 EDB exploit
6.1
CVSSv3
CVE-2020-24316
WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL.
Admin Menu Project Admin Menu
6.1
CVSSv3
CVE-2023-34021
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.29 versions.
Church Admin Project Church Admin
5.4
CVSSv3
CVE-2022-39301
sra-admin is a background rights management system that separates the front and back end. sra-admin version 1.1.1 has a storage cross-site scripting (XSS) vulnerability. After logging into the sra-admin background, an attacker can upload an html page containing xss attack code in...
Sra-admin Project Sra-admin
4.8
CVSSv3
CVE-2019-17433
z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen.
Laravel-admin Laravel-admin 1.7.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »