Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/02/03 10:1 p.m.4 views

CVE-2020-37091 Maian Support Helpdesk 4.3 - Cross-Site Request Forgery (Add Admin)

Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FA...

5.3CVSS5.2AI score0.0015EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/03/23 12:0 a.m.7 views

The vulnerability of the client request handler of the security access control system, IED Siemens RUGGEDCOM CROSSBOW, allows a perpetrator to enhance their privileges.

The vulnerability of the client request handler of the Siemens RUGGEDCOM CROSSBOW access control system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to enhance their privileges by adding user accounts to administrative groups...

9CVSS7.5AI score0.00632EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/11/04 8:15 p.m.3 views

CVE-2020-21139

EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site Request Forgery CSRF which allows attackers to arbitrarily add admin accounts via /admin.html?do=user&act=add...

6.5CVSS5.8AI score
Exploits0References1
CNVD
CNVD
added 2019/03/12 12:0 a.m.1 views

sftnow Cross-Site Request Forgery Vulnerability

sftnow is an enterprise portal system which includes news category management, release management and permission management. A cross-site request forgery vulnerability exists in sftnow 2018-12-29 and earlier versions, which can be exploited by remote attackers to add admin accounts...

8.8CVSS6.9AI score0.0065EPSS
Exploits1References1
Rows per page
Query Builder