70 matches found
CVE-2023-4703
The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation...
CVE-2024-4703
The One Page Express Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's onepageexpresscontactform shortcode in all versions up to, and including, 1.6.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2012-4703
The Emerson DeltaV SE3006 through 11.3.1, DeltaV VE3005 through 10.3.1 and 11.x through 11.3.1, and DeltaV VE3006 through 10.3.1 and 11.x through 11.3.1 allow remote attackers to cause a denial of service (device restart) via a crafted packet on (1) TCP port 23, (2) UDP port 161, or (3) TCP port 513...
CVE-2010-4703
SQL injection vulnerability in default.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PageId parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2025-4703 PHPGurukul Vehicle Parking Management System admin-profile.php sql injection
A vulnerability has been found in PHPGurukul Vehicle Parking Management System 1.13 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to sql injection. The attack can be...
CVE-2025-4703
The CVE-2025-4703 entry affects PHPGurukul Vehicle Parking Management System version 1.13. Affected component: the file /admin/admin-profile.php. Root cause: manipulation of the contactnumber parameter enables SQL injection. Impact: remote attacker can exploit; multiple sources classify severity ...
WordPress One Page Express Companion Plugin <= 1.6.37 is vulnerable to Cross Site Scripting (XSS)
Software: One Page Express Companion; Type: Plugin; Vulnerable versions: <= 1.6.37; Fixed in: 1.6.38; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4703; Patch priority: Low; CVSS severity: Low (6.5); PSID: 44d8656d9c4b; Credits: stealthcopt...
Malicious code in wlwz-2312-4703 (npm)
Source: ghsa-malware (04cc0134a1fc61f82648882e083de32aaf764004a63a3ed3ef65148f2ca469f1). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-596 Malicious code in wlwz-2312-4703 (npm)
Source: ghsa-malware (04cc0134a1fc61f82648882e083de32aaf764004a63a3ed3ef65148f2ca469f1). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-4703
creationtimestamp | type | source
---|---|---
2024-01-23 23:16:22+00:00 | seen | https://t.me/ctinow/172380...
CVE-2023-4703 All in One B2B for WooCommerce <= 1.0.3 - Unauthenticated Privilege Escalation
The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation...
CVE-2023-4703
CVE-2023-4703 affects All in One B2B for WooCommerce (WordPress plugin) up to version 1.0.3. The vulnerability arises from improper validation of parameters when updating user details, enabling an unauthenticated attacker to update details for any user. The PoC shows a curl example that updates a...
WordPress All in One B2B for WooCommerce Plugin <= 1.0.3 is vulnerable to Privilege Escalation
Software: All in One B2B for WooCommerce; Type: Plugin; Vulnerable versions: <= 1.0.3; Fixed in: N/A; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2023-4703; Patch priority: High; CVSS severity: High (9.8); PSID: 385fda25bc8e...
RHEL 8 : subscription-manager (RHSA-2023:4703)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4703 advisory. The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat...
SUSE CVE-2014-4703
lib/parseini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701...
CVE-2022-4703
creationtimestamp | type | source
---|---|---
2023-01-10 20:28:33+00:00 | seen | https://t.me/cibsecurity/56240...
CVE-2022-4703
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprresetpreviousimport' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to reset previously imported da...