Vulmon
admin vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-4737
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hedef Tracking Admin Panel allows SQL Injection. This issue affects Admin Panel: prior to 1.2.
Hedeftakip Admin Portal
9.8
CVSSv3
CVE-2023-51763
csv_builder.rb in ActiveAdmin (aka Active Admin) prior to 3.2.0 allows CSV injection.
Activeadmin Active Admin
9.8
CVSSv3
CVE-2023-51411
Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps. This issue affects Frontend Admin by DynamiApps: from n/a up to and including 3.18.3.
Dynamiapps Frontend Admin
5.4
CVSSv3
CVE-2021-24365
The Admin Columns WordPress plugin Free prior to 4.3.2 and Pro prior to 5.5.2 allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbitrary database column to display in the table. There was no escapin...
Admincolumns Admin Columns
5.4
CVSSv3
CVE-2021-24366
The Admin Columns WordPress plugin prior to 4.3 and Admin Columns Pro WordPress plugin prior to 5.5.1 do not sanitise and escape its Label settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html c...
Admincolumns Admin Columns
7.2
CVSSv3
CVE-2021-35450
A Server Side Template Injection in the Entando Admin Console 6.3.9 and before allows a user with privileges to execute a FreeMarker template with command execution via freemarker.template.utility.Execute.
Entando Admin Console
7.8
CVSSv3
CVE-2013-5582
Ammyy Admin 3.2 and previous versions stores the client ID at a fixed memory location, which might make it easier for user-assisted remote malicious users to bypass authentication by running a local program that extracts a field from the AA_v3.2.exe file.
Ammyy Ammyy Admin
1 EDB exploit
NA
CVE-2022-23079
motor-admin versions 0.0.1 up to and including 0.2.56 are vulnerable to host header injection in the password reset functionality, where a malicious actor can send a fake password reset email to an arbitrary victim.
Getmotoradmin Motor Admin
7.2
CVSSv3
CVE-2021-29439
The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission `admin.login` can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary...
Getgrav Grav Admin
9.8
CVSSv3
CVE-2019-0813
An elevation of privilege vulnerability exists when Windows Admin Center improperly impersonates operations in certain situations, aka 'Windows Admin Center Elevation of Privilege Vulnerability'.
Microsoft Windows Admin Center
1 Article