BIT-MEDIAWIKI-2024-40597

An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. It can expose suppressed information for log events. The logdeleted attribute is not respected...

CVE-2024-47221

CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password...

CVE-2024-40597

An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. It can expose suppressed information for log events. The logdeleted attribute is not respected...

CVE-2024-23172

An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog...

CVE-2024-40598

An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. The logdeleted attribute is not applied to entries...

CVE-2024-40596

An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. TimelineService does not support properly suppressing...

CVE-2023-37303

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message...

CVE-2023-45367

An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of rows in cuuseragentclienthints, leading to a...

CVE-2023-29139

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur RequestTimeoutException or upstream request timeout...

CVE-2023-37255

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header...

CVE-2023-22912

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated aka re-used nonce, allowing an adversary to decrypt...

CVE-2024-10166

A vulnerability was found in Codezips Sales Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file checkuser.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The exploit has been...

Codezips Sales Management System SQL注入漏洞

Codezips Sales Management System is a Codezips open source sales management system. A SQL injection vulnerability exists in Codezips Sales Management System version 1.0, which originates from the parameter name in the file checkuser.php that can lead to SQL injection...

PT-2024-16079 · Unknown · Codezips Sales Management System

Name of the Vulnerable Software and Affected Versions: Codezips Sales Management System version 1.0 Description: A critical issue has been found in the Codezips Sales Management System, affecting some unknown functionality of the file checkuser.php. The manipulation of the argument name leads to...

CVE-2024-47221

CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password...

CVE-2024-47221

CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password...

CVE-2024-47221

CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password...

CVE-2024-47221

Rapid SCADA vulnerability CVE-2024-47221 affects Rapid SCADA versions up to 5.8.4, where CheckUser in ScadaServerEngine/MainLogic.cs permits an empty password. This can enable authentication with no credentials, potentially allowing unauthorized access. The CVSS 3.1 vector indicates Network attac...

CVE-2024-47221

CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password...

BIT-MEDIAWIKI-2024-40596

An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. TimelineService does not support properly suppressing...