Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
admin vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-24581
The Blue Admin WordPress plugin up to and including 21.06.01 does not sanitise or escape its "Logo Title" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its setti...
Blue-admin Project Blue-admin
8.8
CVSSv3
CVE-2023-23721
Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin Log plugin <= 1.50 versions.
Admin Log Project Admin Log
8.8
CVSSv3
CVE-2016-10522
rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem.
Rails Admin Project Rails Admin
7.5
CVSSv3
CVE-2023-0648
A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been...
Dst-admin Project Dst-admin 1.5.0
7.5
CVSSv3
CVE-2023-0649
A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been d...
Dst-admin Project Dst-admin 1.5.0
7.5
CVSSv3
CVE-2021-44586
An issue exists in dst-admin v1.3.0. The product has an unauthorized arbitrary file download vulnerability that can expose sensitive information.
Dst-admin Project Dst-admin 1.3.0
7.5
CVSSv3
CVE-2021-46371
antd-admin 5.5.0 is affected by an incorrect access control vulnerability. Unauthorized access to some interfaces in the foreground leads to leakage of sensitive information.
Antd-admin Project Antd-admin 5.5.0
9.8
CVSSv3
CVE-2022-27342
Link-Admin v0.0.1 exists to contain a SQL injection vulnerability via DictRest.ResponseResult().
Link-admin Project Link-admin 0.0.1
6.1
CVSSv3
CVE-2017-12098
An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browse...
Rails Admin Project Rails Admin 1.2.0
6.5
CVSSv3
CVE-2018-11092
An issue exists in the Admin Notes plugin 1.1 for MyBB. CSRF allows an malicious user to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action.
Admin Notes Project Admin Notes 1.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »