Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
admin vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2019-17433
z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen.
Laravel-admin Laravel-admin 1.7.3
NA
CVE-2022-42980
go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key.
Go-admin Go-admin 2.0.12
383
VMScore
CVE-2022-0833
The Church Admin WordPress plugin prior to 3.4.135 does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated malicious users to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a pub...
Church Admin Project Church Admin
383
VMScore
CVE-2019-17606
The Post editor functionality in the hexo-admin plugin versions 2.3.0 and previous versions for Node.js is vulnerable to stored XSS via the content of a post.
Hexo-admin Project Hexo-admin
383
VMScore
CVE-2021-28290
A cross-site scripting (XSS) vulnerability in Skoruba IdentityServer4.Admin prior to 2.0.0 via unencoded value passed to the data-secret-value parameter.
Identityserver4.admin Project Identityserver4.admin
NA
CVE-2023-38515
Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a up to and including 3.7.56.
Church Admin Project Church Admin
NA
CVE-2023-34021
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.29 versions.
Church Admin Project Church Admin
NA
CVE-2022-39301
sra-admin is a background rights management system that separates the front and back end. sra-admin version 1.1.1 has a storage cross-site scripting (XSS) vulnerability. After logging into the sra-admin background, an attacker can upload an html page containing xss attack code in...
Sra-admin Project Sra-admin
755
VMScore
CVE-2007-1219
PHP remote file inclusion vulnerability in actions/del.php in Admin Phorum 3.3.1a allows remote malicious users to execute arbitrary PHP code via a URL in the include_path parameter.
Admin Phorum Admin Phorum 3.3.1a
1 EDB exploit
435
VMScore
CVE-2015-4127
Cross-site scripting (XSS) vulnerability in the church_admin plugin prior to 0.810 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/.
Church Admin Project Church Admin
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »