Lucene search
K

50 matches found

Vulnrichment
Vulnrichment
added 2025/09/26 7:2 p.m.2 views

CVE-2025-11036 code-projects E-Commerce Website admin_account_update.php sql injection

A vulnerability was identified in code-projects E-Commerce Website 1.0. This affects an unknown function of the file /pages/adminaccountupdate.php. Such manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be...

7.5CVSS6.8AI score0.00465EPSS
Exploits1References5
CVE
CVE
added 2025/09/26 7:2 p.m.17 views

CVE-2025-11036

CVE-2025-11036 affects code-projects E-Commerce Website 1.0. The vulnerability is in the file /pages/admin_account_update.php where manipulation of the argument user_id enables SQL injection. Exploitation can be performed remotely and public PoCs exist. Root cause is lack of input validation for ...

9.8CVSS6.8AI score0.00465EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2025/09/26 12:0 a.m.7 views

Code-Projects E-Commerce Website SQL注入漏洞

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter userid in the file /pages/adminaccountupdate.php. An attacker can exploit this vulnerabili...

9.8CVSS8.2AI score0.00465EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/07/13 12:0 a.m.5 views

PT-2025-29354 · Unknown · Code-Projects Chat System

Name of the Vulnerable Software and Affected Versions: code-projects Chat System version 1.0 Description: A critical issue exists in the processing of the /user/update account.php file. Manipulation of the musername argument can lead to SQL injection. The attack can be initiated remotely. The...

6.5CVSS6.9AI score0.003EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2025/05/23 8:14 a.m.5 views

CVE-2024-9943

The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.4. This is due to missing or incorrect nonce validation on several functions in api/class-mvx-rest-controller.php...

6.3CVSS5.5AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:30 p.m.9 views

CVE-2020-35273

EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by Cross Site Request Forgery CSRF to remotely gain privileges in the User Profile panel. An attacker can update any user's account...

8CVSS7.2AI score0.00558EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/04/14 12:0 a.m.6 views

PT-2025-16246 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.9 Mattermost versions 10.4.x through 10.4.3 Mattermost versions 10.5.x through 10.5.1 Description: The issue arises when a user account is converted to a bot, and the cache is not properly invalidated,...

9.9CVSS4.5AI score0.00955EPSS
Exploits1References40
Positive Technologies
Positive Technologies
added 2024/10/24 12:0 a.m.7 views

PT-2024-39956 · WordPress · Multivendorx

Name of the Vulnerable Software and Affected Versions: MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress versions up to, and including, 4.2.4 Description: The issue is due to missing or incorrect nonce validation on several functions in...

6.3CVSS6.9AI score0.00192EPSS
Exploits0References9
OSV
OSV
added 2024/09/24 2:15 a.m.6 views

CVE-2024-8795

The BA Book Everything plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.20. This is due to missing or incorrect nonce validation on the myaccountupdate function. This makes it possible for unauthenticated attackers to update a user's accou...

8.8CVSS5.6AI score0.003EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/09/16 12:0 a.m.6 views

PT-2022-20880 · Harbor · Harbor

Name of the Vulnerable Software and Affected Versions: Harbor versions prior to 2.5.2 Description: The issue arises from the failure to validate user permissions when updating a robot account that belongs to a project the authenticated user doesn’t have access to. By sending a request to update a...

6.4CVSS6.9AI score0.00499EPSS
Exploits0References10
CNNVD
CNNVD
added 2022/06/16 12:0 a.m.2 views

Sourcecodester Online Discussion Forum Site 跨站请求伪造漏洞

Sourcecodester Online Discussion Forum Site is an application of Sourcecodester. An online discussion forum. A security vulnerability in Sourcecodester Online Discussion Forum Site version 1.0, which stems from an issue in the saveusers function, allows an unauthenticated attacker to arbitrarily...

6.5CVSS6.5AI score0.00818EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2022/06/16 12:0 a.m.4 views

PT-2022-20670 · Online Discussion Forum Site +1 · Online Discussion Forum Site

Name of the Vulnerable Software and Affected Versions: Online Discussion Forum Site 1 affected versions not specified Description: The issue allows unauthenticated attackers to arbitrarily create or update user accounts due to a problem in the save users function. Recommendations: At the moment,...

6.5CVSS7AI score0.00818EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 2022/05/10 11:15 a.m.2 views

CVE-2022-24040

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application fails to enforce an upper bound to the cost factor of the PBKD...

6.5CVSS5.4AI score0.00798EPSS
Exploits0References2
OSV
OSV
added 2022/05/10 11:15 a.m.4 views

CVE-2022-24040

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application fails to enforce an upper bound to the cost factor of the PBKD...

6.5CVSS6.5AI score0.00798EPSS
Exploits0References1
Prion
Prion
added 2022/05/10 11:15 a.m.11 views

Input validation

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application fails to enforce an upper bound to the cost factor of the PBKD...

4CVSS6.8AI score0.00798EPSS
Exploits0References1Affected Software4
OSV
OSV
added 2021/10/27 3:15 p.m.4 views

CVE-2021-37221

A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option & customer create option, which could let a remote malicious user upload an arbitrary php file...

8.8CVSS7.4AI score0.0109EPSS
Exploits0References1
0day.today
0day.today
added 2021/06/21 12:0 a.m.29 views

Customer Relationship Management System (CRM) 1.0 - Remote Code Execution Exploit

Exploit Title: Customer Relationship Management System CRM 1.0 - Remote Code Execution Exploit Author: Ishan Saha Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html Software Link:...

Exploits0
Cvelist
Cvelist
added 2020/12/21 2:51 p.m.21 views

CVE-2020-35273

EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by Cross Site Request Forgery CSRF to remotely gain privileges in the User Profile panel. An attacker can update any user's account...

8.1AI score0.00558EPSS
Exploits1References1
Huntr
Huntr
added 2020/11/24 12:0 a.m.20 views

Business Logic Errors in braitsch/node-login

Description node-login is a template for quickly building login systems on top of Node.js & MongoDB. The business logic which updates account details fails to verify if the provied email is associated with another account. Proof of Concept 1. Navigate to /signup and Create two accounts with data...

1.5AI score
Exploits0
OSV
OSV
added 2017/11/22 7:29 p.m.5 views

CVE-2017-2721

Some Huawei smart phones with software...

4.6CVSS5.8AI score0.00197EPSS
Exploits0References1
Rows per page
Query Builder