766 matches found
CVE-2020-36906
The connected documents jointly confirm a cross-site request forgery (CSRF) vulnerability in P5 FNIP-8x16A and FNIP-4xSH devices running version 1.0.20. The root cause is a CSRF flaw that allows an attacker to trigger administrative actions without user consent by forcing an authenticated user to...
PT-2026-1441
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...
CVE-2025-15354 itsourcecode Society Management System add_admin.php sql injection
A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/add_admin.php. Executing manipulation of the argument Username can lead to SQL injection. It is possible to launch the attack remotely. The exploit has been published...
CVE-2019-25242
FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change administrator passwords, add new admin users, or open access control doors by...
CVE-2019-25247
The CVE-2019-25247 entry applies to the Beward N100 H.264 VGA IP Camera (M2.1.6). The vulnerability is a cross-site request forgery (CSRF) that lets an attacker trigger administrative actions by deceiving a logged-in user with a malicious page (hidden form to add an admin). Root cause: lack of pr...
CVE-2019-25242
The CVE covers FaceSentry Access Control System version 6.4.8, where a cross-site request forgery (CSRF) vulnerability enables an attacker to perform administrative actions without user consent by persuading an authenticated user to load a crafted page. The vulnerability targets the web interface...
CVE-2019-25242 FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery via Web Interface
FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change administrator passwords, add new admin users, or open access control doors by...
EUVD-2024-47620
Malicious code in bioql PyPI...
CVE-2024-6548
The Add Admin JavaScript plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path...
CVE-2025-4469 SourceCodester Online Student Clearance System add-admin.php cross site scripting
A vulnerability classified as problematic has been found in SourceCodester Online Student Clearance System 1.0. Affected is an unknown function of the file /admin/add-admin.php. The manipulation of the argument txtusername/txtfullname/txtpassword/txtpassword2 leads to cross site scripting. It is...
SourceCodester Web Based Pharmacy Product Management System Security Vulnerability
SourceCodester Web Based Pharmacy Product Management System is an open source web-based pharmaceutical management system from SourceCodester. A security vulnerability exists in SourceCodester Web Based Pharmacy Product Management System version 1.0, which originates from an unvalidated Fullname...
CVE-2025-3821
A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file add-admin.php. The manipulation of the argument txtpassword/txtfullname/txtemail leads to cross site scripting. Th...
SourceCodester Web-based Pharmacy Product Management System Code Injection Vulnerability
SourceCodester Web-based Pharmacy Product Management System is an open source web-based pharmacy product management system from SourceCodester. A code injection vulnerability exists in version 1.0 of the SourceCodester Web-based Pharmacy Product Management System, which results from incorrect...
CVE-2025-3244
A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /add-admin.php of the component Create User Page. The manipulation of the argument Avatar leads to...
CVE-2025-3244
CVE-2025-3244 affects SourceCodester Web-based Pharmacy Product Management System 1.0. The vulnerability is in the Create User Page’s file /add-admin.php, where manipulation of the Avatar parameter enables unrestricted file upload, with remote exploitation reported. Several connected sources conf...
CVE-2024-50966
dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addAdmin...
PT-2024-34476 · Unknown · Dingfanzu Cms
Name of the Vulnerable Software and Affected Versions: dingfanzu CMS version 1.0. Description: The issue is related to a Cross-Site Request Forgery (CSRF) in the /admin/doAdminAction.php?act=addAdmin component. This allows for attacker-controlled admin creation, resulting in unauthorized privileged...
Acronis Cyber Infrastructure 5.0.1-61 Cross Site Request Forgery
Title: Acronis Cyber Infrastructure 5.0.1-61 CSRF Add Admin Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla...
Vehicle Service Management System 1.0 Cross Site Request Forgery
Title: Vehicle Service Management System 1.0 CSRF Add Admin Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla...
PHP SPM 1.0 Cross Site Request Forgery
Title: php spm 1.0 CSRF Add Admin Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 130.0.0 64 bits |...