79 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-26247
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - As an unauthenticated remote user, visit http:///authchangepassword.php?ref=alert1 to successfully execute the JavaScript payload present in the ref URL...
Linux Distros Unpatched Vulnerability : CVE-2023-39364
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, users with console access can be redirected to an arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2022-48547
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A reflected cross-site scripting XSS vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in...
CVE-2025-50674
An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user.inc in OpenMediaVault 7.4.17 allowing local authenticated attackers to escalate privileges to root...
openmediavault 安全漏洞
openmediavault is openmediavault open source a Debian Linux based network storage NAS solution. It includes services such as SSH, SFTP, SMB / CIFS, DAAP media server, RSync, BitTorrent client and more. Due to the modular design of the framework, it can be enhanced with plugins. A security...
CVE-2025-50674
An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user.inc in OpenMediaVault 7.4.17 allowing local authenticated attackers to escalate privileges to root...
Student Result Management System /elms/emp-changepassword.php Component Session Hijacking Vulnerability
Student Result Management System is a student result management system. Student Result Management System suffers from a session hijacking vulnerability that stems from an improperly disabled session in component /elms/emp-changepassword.php, no details of the vulnerability are available at this...
CVE-2025-50490
Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack...
CVE-2025-50490
Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack...
CVE-2025-7127 itsourcecode Employee Management System changepassword.php sql injection
A vulnerability, which was classified as critical, was found in itsourcecode Employee Management System up to 1.0. This affects an unknown part of the file /admin/changepassword.php. The manipulation of the argument currentpassword leads to sql injection. It is possible to initiate the attack...
The vulnerability of the changepassword.php (/admin/changepassword.php) script of the Employee Management System allows a perpetrator to execute arbitrary code.
The vulnerability of the changepassword.php /admin/changepassword.php script of the Employee Management System is related to the failure to remove special elements during the processing of the currentpassword parameter. Exploiting this vulnerability allows an attacker operating remotely to execut...
CVE-2025-6502
CVE-2025-6502 affects code-projects’ Inventory Management System 1.0. The vulnerability arises from unsafely handling the user_id parameter in the file /php_action/changePassword.php , enabling SQL injection . The attack is described as remotely exploitable and the exploit has been publicly discl...
Code-Projects Inventory Management System 安全漏洞
Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the userid parameter in the /phpaction/changePassword.php file against an externally entered SQL statement. An...
CVE-2021-44554
Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS Windows through the /changePassword URI. By accessing the vector, an attacker can determine if a username exists thanks to the message returned; it can be presented in different languages according to...
Employee Record Management System changepassword.php File SQL Injection Vulnerability
Employee Record Management System is an employee record management system. Employee Record Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter currentpassword in the file changepassword.php. An...
CVE-2025-4164
A vulnerability, which was classified as critical, was found in PHPGurukul Employee Record Management System 1.3. Affected is an unknown function of the file changepassword.php. The manipulation of the argument currentpassword leads to sql injection. It is possible to launch the attack remotely...
CVE-2025-4164
A vulnerability, which was classified as critical, was found in PHPGurukul Employee Record Management System 1.3. Affected is an unknown function of the file changepassword.php. The manipulation of the argument currentpassword leads to sql injection. It is possible to launch the attack remotely...
CVE-2025-4164 PHPGurukul Employee Record Management System changepassword.php sql injection
A vulnerability, which was classified as critical, was found in PHPGurukul Employee Record Management System 1.3. Affected is an unknown function of the file changepassword.php. The manipulation of the argument currentpassword leads to sql injection. It is possible to launch the attack remotely...
CVE-2025-4164 PHPGurukul Employee Record Management System changepassword.php sql injection
A vulnerability, which was classified as critical, was found in PHPGurukul Employee Record Management System 1.3. Affected is an unknown function of the file changepassword.php. The manipulation of the argument currentpassword leads to sql injection. It is possible to launch the attack remotely...
PHPGurukul Employee Record Management System 注入漏洞
Employee Record Management System is an employee record management system. Employee Record Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter currentpassword in the file changepassword.php. An...