PT-2022-24354 · Unknown · Online Leave Management System
Name of the Vulnerable Software and Affected Versions: Online Leave Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/maintenance/manage leave type.php" API endpoint. Recommendations:...
Exposure of "Forgot Password" Token on Threads Controller Leads to Account Takeover
Description Hello there! Hope you are doing great! I kept looking for issues that are similar to CVE-2022-3019, and ended up finding one more, it's in the Thread entity, and I found it by looking at the /api/threads/:appid/all endpoint. It retrieves sensitive information about every user that's i...
Mass Assignment in Self Controller Leads To Vertical Privilege Escalation
Description Hello there, y'all! How are you doing? Hope you are doing great! I was testing Budibase and noticed that the api endpoint /api/global/self, which is used for different purposes updating a user's name or their password, always receives an entire object containing most of the attribute...
PT-2022-24329 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinal CMS version 5.1.0 Description: The issue allows for SQL Injection via the "/admin/contact/list" API endpoint. Recommendations: For JFinal CMS version 5.1.0, update to a newer version that contains a fix for this issue...
PT-2022-24326 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinal CMS version 5.1.0 Description: The issue allows for SQL Injection via the "/admin/article/list" API endpoint. Recommendations: For JFinal CMS version 5.1.0, update to a newer version that contains a fix for this issue...
PT-2022-24330 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinal CMS version 5.1.0 Description: The issue allows for SQL Injection via the "/admin/foldernotice/list" API endpoint. Recommendations: For JFinal CMS version 5.1.0, update to a newer version that contains a fix for this issue...
PT-2022-24340 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinal CMS version 5.1.0 Description: The issue is related to SQL Injection, which can be exploited via the /system/menu/list API endpoint. This allows for potential unauthorized access to sensitive data. Recommendations: For JFinal CMS versi...
PT-2022-24332 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinal CMS version 5.1.0 Description: The issue allows for SQL Injection via the "/admin/friendlylink/list" API endpoint. Recommendations: For JFinal CMS version 5.1.0, update to a newer version that contains a fix for this issue. At the...
PT-2022-24328 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinal CMS version 5.1.0 Description: The issue allows for SQL Injection via the "/admin/comment/list" API endpoint. Recommendations: For JFinal CMS version 5.1.0, update to a newer version that contains a fix for this issue...
PT-2022-24327 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinal CMS version 5.1.0 Description: The issue allows for SQL Injection via the "/admin/article/list approve" API endpoint. Recommendations: For JFinal CMS version 5.1.0, update to a newer version that contains a fix for this issue. At the...
PT-2022-24331 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinal CMS version 5.1.0 Description: The issue allows for SQL Injection via the "/admin/folderrollpicture/list" API endpoint. Recommendations: For JFinal CMS version 5.1.0, update to a newer version that contains a fix for this issue. At the...
PT-2022-24321 · Unknown · Apartment Visitor Management System
Name of the Vulnerable Software and Affected Versions: Apartment Visitor Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the editid parameter at the "/avms/edit-apartment.php" API endpoint. There is no...
PT-2022-24364 · Tenda · Tenda Ac18
Name of the Vulnerable Software and Affected Versions: Tenda AC18 router versions 15.03.05.05 through 15.03.05.19 Description: A stack overflow issue was discovered via the time parameter at the "/goform/saveParentControlInfo" API endpoint. Recommendations: For versions 15.03.05.05 through...
PT-2022-24365 · Tenda · Tenda Ac18
Name of the Vulnerable Software and Affected Versions: Tenda AC18 router versions 15.03.05.05 through 15.03.05.19 Description: A stack overflow issue was discovered, affecting the Tenda AC18 router. The issue occurs via the urls parameter at the "/goform/saveParentControlInfo" API endpoint...
PT-2022-23521 · Unknown · Garage Management System
Name of the Vulnerable Software and Affected Versions: Garage Management System version 1.0 Description: The issue is related to a persistent cross-site scripting (XSS) vulnerability. This vulnerability can be exploited via the brand name parameter at the "/brand.php" API endpoint. Recommendations:...
Mattermost: DoS via Playbook
An attacker could create a playbook with a large value for the runsummarytemplate attribute, which doesn't have any size check or validation. This could cause the server to consume an abnormal amount of computing resources and ultimately crash, leading to a denial of service attack. The attack is...
PT-2022-23476 · Tenda · Tenda Ac9
Name of the Vulnerable Software and Affected Versions: Tenda AC9 version 15.03.05.19 Description: A stack overflow issue was discovered via the deviceList parameter at the "/goform/setMacFilterCfg" API endpoint. Recommendations: For Tenda AC9 version 15.03.05.19, avoid using the deviceList...
PT-2022-23825 · D Link · D-Link Dir-816
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 version A2 v1.10CNB04.img Description: The network can be initialized without authentication via the "/goform/wizard end" API endpoint. Recommendations: For D-Link DIR-816 version A2 v1.10CNB04.img, as a temporary workaround,...
PT-2022-23475 · Tenda · Tenda Ac9
Name of the Vulnerable Software and Affected Versions: Tenda AC9 version 15.03.05.19 Description: A stack overflow issue was discovered via the list parameter at the "/goform/setPptpUserList" API endpoint. Recommendations: For Tenda AC9 version 15.03.05.19, avoid using the list parameter in the...
PT-2022-23860 · Piwigo · Piwigo
Name of the Vulnerable Software and Affected Versions: Piwigo version 12.3.0 Description: The issue is related to Cross-Site Scripting (XSS) and can be exploited via the "/search/1940/created-monthly-list" API endpoint. This allows for malicious scripts to be injected into the website...