4 matches found
Improper Access Control
getgrav/grav is vulnerable to improper access control. The vulnerability is due to insufficient restriction on the "Frontmatter" form, which allows a low-privileged user to read sensitive server files and exploit them to compromise user accounts...
CVE-2023-40539
...
Weak Password Requirements
publifycore is vulnerable to Weak Password Requirements. A remote attacker can easily compromise user accounts due to missing password strength constraints...
Cross site request forgery (csrf)
Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request...