50 matches found
CVE-2025-11036 code-projects E-Commerce Website admin_account_update.php sql injection
A vulnerability was identified in code-projects E-Commerce Website 1.0. This affects an unknown function of the file /pages/adminaccountupdate.php. Such manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be...
CVE-2025-11036
CVE-2025-11036 affects code-projects E-Commerce Website 1.0. The vulnerability is in the file /pages/admin_account_update.php where manipulation of the argument user_id enables SQL injection. Exploitation can be performed remotely and public PoCs exist. Root cause is lack of input validation for ...
Code-Projects E-Commerce Website SQL注入漏洞
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter userid in the file /pages/adminaccountupdate.php. An attacker can exploit this vulnerabili...
PT-2025-29354 · Unknown · Code-Projects Chat System
Name of the Vulnerable Software and Affected Versions: code-projects Chat System version 1.0 Description: A critical issue exists in the processing of the /user/update account.php file. Manipulation of the musername argument can lead to SQL injection. The attack can be initiated remotely. The...
CVE-2024-9943
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.4. This is due to missing or incorrect nonce validation on several functions in api/class-mvx-rest-controller.php...
CVE-2020-35273
EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by Cross Site Request Forgery CSRF to remotely gain privileges in the User Profile panel. An attacker can update any user's account...
PT-2025-16246 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.9 Mattermost versions 10.4.x through 10.4.3 Mattermost versions 10.5.x through 10.5.1 Description: The issue arises when a user account is converted to a bot, and the cache is not properly invalidated,...
PT-2024-39956 · WordPress · Multivendorx
Name of the Vulnerable Software and Affected Versions: MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress versions up to, and including, 4.2.4 Description: The issue is due to missing or incorrect nonce validation on several functions in...
CVE-2024-8795
The BA Book Everything plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.20. This is due to missing or incorrect nonce validation on the myaccountupdate function. This makes it possible for unauthenticated attackers to update a user's accou...
PT-2022-20880 · Harbor · Harbor
Name of the Vulnerable Software and Affected Versions: Harbor versions prior to 2.5.2 Description: The issue arises from the failure to validate user permissions when updating a robot account that belongs to a project the authenticated user doesn’t have access to. By sending a request to update a...
Sourcecodester Online Discussion Forum Site 跨站请求伪造漏洞
Sourcecodester Online Discussion Forum Site is an application of Sourcecodester. An online discussion forum. A security vulnerability in Sourcecodester Online Discussion Forum Site version 1.0, which stems from an issue in the saveusers function, allows an unauthenticated attacker to arbitrarily...
PT-2022-20670 · Online Discussion Forum Site +1 · Online Discussion Forum Site
Name of the Vulnerable Software and Affected Versions: Online Discussion Forum Site 1 affected versions not specified Description: The issue allows unauthenticated attackers to arbitrarily create or update user accounts due to a problem in the save users function. Recommendations: At the moment,...
CVE-2022-24040
A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application fails to enforce an upper bound to the cost factor of the PBKD...
CVE-2022-24040
A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application fails to enforce an upper bound to the cost factor of the PBKD...
Input validation
A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application fails to enforce an upper bound to the cost factor of the PBKD...
CVE-2021-37221
A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option & customer create option, which could let a remote malicious user upload an arbitrary php file...
Customer Relationship Management System (CRM) 1.0 - Remote Code Execution Exploit
Exploit Title: Customer Relationship Management System CRM 1.0 - Remote Code Execution Exploit Author: Ishan Saha Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html Software Link:...
CVE-2020-35273
EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by Cross Site Request Forgery CSRF to remotely gain privileges in the User Profile panel. An attacker can update any user's account...
Business Logic Errors in braitsch/node-login
Description node-login is a template for quickly building login systems on top of Node.js & MongoDB. The business logic which updates account details fails to verify if the provied email is associated with another account. Proof of Concept 1. Navigate to /signup and Create two accounts with data...
CVE-2017-2721
Some Huawei smart phones with software...