CVE-2026-9562 sambitraj STUDENT-MANAGEMENT-SYSTEM Dashboard access control

A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM up to 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5. The affected element is an unknown function of the component Dashboard. Such manipulation leads to improper access controls. The attack may be launched remotely. The exploit has...

Student-Management-System 访问控制错误漏洞

Student-Management-System is an open-source student information management system developed by Cyber-III. The STUDENT-MANAGEMENT-SYSTEM contains a security vulnerability related to access control. This vulnerability stems from improper access control measures in the Dashboard component, which may...

CVE-2026-5464

The ExactMetrics – Google Analytics Dashboard for WordPress Website Stats Plugin plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation in all versions up to, and including, 9.1.2. This is due to the reports page exposing the 'onboardingkey' transient to a...

CVE-2026-0397

Summary: CVE-2026-0397 involves information disclosure via a CORS misconfiguration when the internal webserver is enabled. The root cause is a misconfigured Cross-Origin Resource Sharing policy that can allow an administrator, while logged into the dashboard, to be tricked into visiting a malicio...

CVE-2021-27700

SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by Insecure Permissions. Any authorized customer with partner mode can switch to another customer dashboard and perform actions like modify user, delete user, etc...

CVE-2026-4314

The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the isDashboardOrProfileRequest method in the Menu Editor module using an insecure strpos check against $SERVER'REQUESTURI' to...

Exploit for Missing Encryption of Sensitive Data in Nginxui Nginx_Ui

CVE-2026-27944 POC: Nginx UI Unauthenticated Backup Download +...

CVE-2026-30233 OliveTin: View permission not being checked when returning dashboards

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authorization flaw in OliveTin allows authenticated users with view: false permission to enumerate action bindings and metadata via dashboard and API endpoints. Although execution exec may be...

CVE-2026-25595

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability exists in InvoicePlane 1.7.0 via the Invoice Number field. An authenticated administrator can inject malicious JavaScript that executes when any...

CVE-2026-25595

InvoicePlane 1.7.0 has a stored XSS vulnerability in the Invoice Number field. An authenticated administrator can inject JavaScript that executes when an admin views the affected invoice or visits the dashboard. The issue is fixed in version 1.7.1. CVSS v3.1 base score is 4.8 (Medium); attack vec...

CVE-2019-25320

E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. Attackers can exploit the /login.php file by sending a specific payload '=''or' to bypass authentication and gain...

CVE-2019-25320

CVE-2019-25320 affects E Learning Script 1.0. The vulnerability is an authentication bypass in the login mechanism via the /login.php endpoint, where a crafted payload (e.g. "=' or '") allows an attacker to bypass valid credentials and access the dashboard. Per provided metrics, CVSS v3.1 base sc...

CVE-2019-25320 elearning-script 1.0 - Authentication Bypass

E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. Attackers can exploit the /login.php file by sending a specific payload '=''or' to bypass authentication and gain...

CVE-2019-25320 elearning-script 1.0 - Authentication Bypass

E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. Attackers can exploit the /login.php file by sending a specific payload '=''or' to bypass authentication and gain...

CVE-2019-25320

E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. Attackers can exploit the /login.php file by sending a specific payload '=''or' to bypass authentication and gain...

PT-2026-7920

E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. Attackers can exploit the /login.php file by sending a specific payload '=''or' to bypass authentication and gain...

CVE-2020-37156

BloodX 1.0 contains an authentication bypass vulnerability in login.php that allows attackers to access the dashboard without valid credentials. Attackers can exploit the vulnerability by sending a crafted payload with '=''or' parameters to bypass login authentication and gain unauthorized access...

CVE-2020-37156

BloodX 1.0 contains an authentication bypass vulnerability in login.php that allows attackers to access the dashboard without valid credentials. Attackers can exploit the vulnerability by sending a crafted payload with '=''or' parameters to bypass login authentication and gain unauthorized access...

CVE-2020-37156 BloodX 1.0 - Authentication Bypass

BloodX 1.0 contains an authentication bypass vulnerability in login.php that allows attackers to access the dashboard without valid credentials. Attackers can exploit the vulnerability by sending a crafted payload with '=''or' parameters to bypass login authentication and gain unauthorized access...

CVE-2020-37156

BloodX 1.0 contains an authentication bypass in login.php that allows bypassing login with a crafted payload containing =''or'. Attackers can access the dashboard without valid credentials. The issue is described with a CVSS v3.1 base score of 6.5 (MEDIUM) and CVSS v4.0 base score of 6.9 (MEDIUM)...