18 matches found
CVE-2026-8747
A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects the function CheckComment of the file zb_system/function/c_system_event.php of the component Commend Approval Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been made...
PT-2026-41539
A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects the function CheckComment of the file zb_system/function/c_system_event.php of the component Commend Approval Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been...
WordPress plugin WPGraphQL security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...
PT-2026-27271
WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.10.0, an authorization flaw in updateComment allows an authenticated low-privileged user (including a custom role with zero capabilities) to change the moderation status of their own comment (for example, to APPROVE) without the...
CVE-2020-10502
CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a crafted request...
EUVD-2020-2955
Malware in sbrugna...
GHSA-P8G6-5MG7-9R5Q Drupal REST API can bypass comment approval
In Drupal 8 prior to 8.3.7, when using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services (rest) module enabled, the...
Drupal REST API can bypass comment approval
In Drupal 8 prior to 8.3.7, when using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services (rest) module enabled, the...
Cross-Site Request Forgery in ForkCMS
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allow remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing or running modules, (4) resetting the...
CVE-2020-10502
CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a crafted request...
CVE-2020-10502
CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a crafted request...
PT-2020-12172 · Chadha · Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue allows attackers to approve any comment by providing the id via a crafted request to the admin/manage-comments.php endpoint. Recommendations: For version 9, consider...
CVE-2017-6924 REST API can bypass comment approval - Access Bypass - Moderately Critical
In Drupal 8 prior to 8.3.7, when using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services (rest) module enabled, the...
FreeBSD : drupal -- Drupal Core - Multiple Vulnerabilities (473b6a9e-8493-11e7-b24b-6cf0497db129)
Drupal Security Team: CVE-2017-6923: Views - Access Bypass - Moderately Critical; CVE-2017-6924: REST API can bypass comment approval - Access Bypass - Moderately Critical; CVE-2017-6925: Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical...
REST API can bypass comment approval.
More info at https://www.drupal.org/SA-CORE-2017-004...
REST API can bypass comment approval.
More info at https://www.drupal.org/SA-CORE-2017-004...
WordPress FuneralPress 1.1.6 Cross Site Scripting
WP FuneralPress - stored XSS in guestbook. "FuneralPress is an online website obituary management and guest book program for funeral homes and cemeteries" http://wpfuneralpress.com/ Tested on: FuneralPress version 1.1.6 / WordPress version 3.5.1. Impact: malicious script execution as wordpress...
GuestBook Scripts PHP v1.5 - Multiple Vulnerabilities
Exploit for php platform in category web applications. Title: GuestBook Scripts PHP v1.5 - Multiple Web Vulnerabilities. Common Vulnerability Scoring System: 7.5. Introduction: GuestBook Script PHP is a script that is very easy to install,...