Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
admin vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-1599
The Admin Management Xtended WordPress plugin prior to 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing malicious users to make a logged users with the right capabilities to call them. This can lead to changes in post status (draft, published), slug, post dat...
Admin Management Xtended Project Admin Management Xtended
NA
CVE-2008-4455
Directory traversal vulnerability in index.php in EKINdesigns MySQL Quick Admin 1.5.5 and previous versions, when magic_quotes_gpc is disabled, allows remote malicious users to read and execute arbitrary files via a .. (dot dot) in the language cookie.
Mysql Quick Admin Mysql Quick Admin 1.5.5
1 EDB exploit
7.5
CVSSv3
CVE-2022-47762
In gin-vue-admin < 2.5.5, the download module has a Path Traversal vulnerability.
Gin-vue-admin Project Gin-vue-admin
8.8
CVSSv3
CVE-2023-24007
Cross-Site Request Forgery (CSRF) vulnerability in TheOnlineHero - Tom Skroza Admin Block Country plugin <= 7.1.4 versions.
Admin Block Country Project Admin Block Country
6.1
CVSSv3
CVE-2021-25111
The English WordPress Admin WordPress plugin prior to 1.5.2 does not validate the admin_custom_language_return_url before redirecting users o it, leading to an open redirect issue
English Wordpress Admin Project English Wordpress Admin
8.8
CVSSv3
CVE-2022-29450
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress.
Admin Management Xtended Project Admin Management Xtended
9.8
CVSSv3
CVE-2021-44219
Gin-Vue-Admin prior to 2.4.6 mishandles a SQL database.
Gin-vue-admin Project Gin-vue-admin
NA
CVE-2008-4454
Directory traversal vulnerability in EKINdesigns MySQL Quick Admin 1.5.5 allows remote malicious users to read and execute arbitrary files via a .. (dot dot) in the lang parameter to actions.php. NOTE: the provenance of this information is unknown; the details are obtained solely...
Mysql Quick Admin Mysql Quick Admin 1.5.5
2 EDB exploits
8.1
CVSSv3
CVE-2022-21660
Gin-vue-admin is a backstage management system based on vue and gin. In versions before 2.4.7 low privilege users are able to modify higher privilege users. Authentication is missing on the `setUserInfo` function. Users are advised to update as soon as possible. There are no know...
Gin-vue-admin Project Gin-vue-admin
1 Github repository
7.5
CVSSv3
CVE-2022-39345
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin before 2.5.4 is vulnerable to path traversal, which leads to file upload vulnerabilities. Version 2.5.4 contains a patch for this issue. There ...
Gin-vue-admin Project Gin-vue-admin
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »