31 matches found
EUVD-2020-13372
Malware in sbrugna...
CVE-2024-31612
Emlog pro2.3 is vulnerable to Cross-Site Request Forgery (CSRF) via twitter.php, which can be used with an XSS vulnerability to access administrator information...
CVE-2020-20586
A cross-site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator, such as the name, e-mail, and password...
OpenCTI authorization issue vulnerability
OpenCTI is an open source cyber threat intelligence platform from OpenCTI Open Source. An authorization issue vulnerability exists in OpenCTI version 6.2.18 and earlier, which stems from insufficient access control to support information, allowing a normal user to access information that is...
PT-2024-24153 · Emlog Pro · Emlog Pro
Name of the Vulnerable Software and Affected Versions: Emlog pro version 2.3
Description: The issue allows for Cross-Site Request Forgery (CSRF) via the twitter.php file, which can be exploited in conjunction with a Cross-Site Scripting (XSS) vulnerability to access administrator information...
CVE-2024-31612
CVE-2024-31612 affects Emlog Pro 2.3. The Red Hat, NVD, OSV and other entries describe a CSRF vulnerability via twitter.php that can be combined with a Cross-Site Scripting (XSS) issue to access administrator information. This is the explicit vulnerability mechanism provided in the connected documents...
PT-2024-22179 · Fujifilm · Fujifilm Printers
Name of the Vulnerable Software and Affected Versions: FUJIFILM printers (affected versions not specified)
Description: A cross-site request forgery issue allows a remote unauthenticated attacker to alter user information. If the targeted user is an administrator, settings such as the administrator...
IDOR - Users can change Administrator information (User ID = 1)
Description: IDOR - Users can change Administrator information (User ID = 1)
Proof of Concept:
1. Create an account with all rights.
2. Detect default the administrator user ID = 1 information cannot be changed.
3. Broken access control, can change administrator information user ID = 1
Video PoC...
CVE-2023-35800
Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators...
PT-2022-27207 · Eyoucms · Eyoucms
Name of the Vulnerable Software and Affected Versions: EyouCMS version 1.5.9-UTF8-SP1
Description: A Cross-Site Request Forgery (CSRF) issue was discovered in the Edit Admin Profile module, allowing attackers to arbitrarily change Administrator account information.
Recommendations: For EyouCMS...
xyhcms cross-site request forgery vulnerability (CNVD-2021-50087)
xyhcms is a software application: a completely open source CMS (content management system) that is simple, easy to use, secure, stable and free. xyhcms V3.6 has a security vulnerability that can be exploited by an attacker to edit any information about an administrator, such as name, email and password...
HadSky Light Forum program has an override access vulnerability
HadSky Light Forum program is a personal original PHP system. A vulnerability exists in the HadSky Light Forum program that can be exploited by an attacker to gain unauthorized access to administrator information...
SQL Injection Vulnerability in ED01-CMS
ED01-CMS is a content management system. ED01-CMS suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability to obtain sensitive information about an administrator...
Stored XSS Vulnerability in QCMS Website Management System
QCMS is a free, open source, easy to use, responsive website management system. A stored XSS vulnerability exists in the QCMS website management system, which can be exploited to obtain administrator account information...
CVE-2019-4058
IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. IBM X-Force ID: 156570...
Information leakage vulnerability in de***.php file of Dandelion online teaching system
Dandelion Online Teaching System is the website of Shenzhen Tomorrow See Technology Co., Ltd, which is an innovative science and technology enterprise focusing on the research and development of videoconferencing, video teaching and telemedicine system. There is an information leakage vulnerabili...