24 matches found
CVE-2026-47366
Improper verification of access permissions when modifying permissions through the Administration Control Panel ACP allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface...
CVE-2026-47366
Improper verification of access permissions when modifying permissions through the Administration Control Panel ACP allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface...
CVE-2026-47366
CVE-2026-47366 describes an improper verification of access permissions in the Administration Control Panel . An authenticated administrator could modify permissions and grant rights beyond their authorized level, resulting in privilege escalation within the administrative interface. The document...
EUVD-2026-36377
Improper verification of access permissions when modifying permissions through the Administration Control Panel ACP allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface...
CVE-2026-47366
Improper verification of access permissions when modifying permissions through the Administration Control Panel ACP allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface...
EUVD-2022-5363
Malicious code in bioql PyPI...
CVE-2019-16993
In phpBB before 3.1.7-PL1, includes/acp/acpbbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting...
FUDForum Remote Code Execution Vulnerability
FUDForum is a PHP-based open source forum software.FUDForum versions prior to 3.1.2 are vulnerable to remote code execution. An attacker can use this vulnerability to execute remote code with the help of the upload file function of the file management system in the administration control panel...
FUDForum Cross-Site Scripting Vulnerability (CNVD-2022-70052)
FUDForum is a PHP-based forum software. version 3.1.2 of FUDForum contains a cross-site scripting vulnerability. An attacker can exploit this vulnerability to perform cross-site scripting attacks with the help of the pageu title parameter of the page manager in the administration control panel...
GHSA-VJ3X-VFM4-HVXC phpBB Cross-Site Request Forgery (CSRF)
In phpBB before 3.1.7-PL1, includes/acp/acpbbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting...
phpBB Cross-Site Request Forgery (CSRF)
In phpBB before 3.1.7-PL1, includes/acp/acpbbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting...
Online Polling System SQL Injection
Exploit Title: Online Polling System Authentication Bypass SQL Injection Date: July 2020 Author: AppleBois Version: NULL Software Link: https://www.sourcecodester.com/php/14330/online-polling-system.html Administration Control Panel || Authentication Bypass Unthenticated User perform SQL Injectio...
CVE-2019-16993
In phpBB before 3.1.7-PL1, includes/acp/acpbbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting...
CVE-2019-16993
In phpBB before 3.1.7-PL1, includes/acp/acpbbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting...
Cross site request forgery (csrf)
In phpBB before 3.1.7-PL1, includes/acp/acpbbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting...
CVE-2019-16993
CVE-2019-16993 affects phpBB
CVE-2019-16993
In phpBB before 3.1.7-PL1, includes/acp/acpbbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting...
Session Token In URL
PhpBB sends the session token via a GET parameter in the URL. Due to the way phpbb works, having the session ID is not enough for a remote attacker to gain access to the application since the session tokens are tied to an IP address. However, with knowledge of the administrator's session ID, the...
CVE-2019-13376
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS...
Cross site request forgery (csrf)
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS...