12 matches found
CVE-2026-8194
A security vulnerability has been detected in osTicket up to 1.18.3. Impacted is an unknown function of the file include/class.dispatcher.php of the component Dispatcher. The manipulation of the argument method leads to cross-site request forgery. Remote exploitation of the attack is possible. Th...
CVE-2026-8194
CVE-2026-8194 affects osTicket up to version 1.18.3, specifically the Dispatcher component’s file include/class.dispatcher.php. The vulnerability arises from manipulation of the _method argument, enabling cross-site request forgery with remote exploitation reportedly possible. Public exploit deta...
CVE-2023-32313 Inspect method manipulation in vm2
vm2 is a sandbox that can run untrusted code with Node's built-in modules. In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node inspect method and edit options for console.log. As a result a threat actor can edit options for the console.log command. This...
CVE-2022-3946 Welcart e-Commerce < 2.8.4 - Subscriber+ Arbitrary Shipping Method Creation/Update/Deletion
The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF checks in an AJAX action, allowing any logged-in user to create, update and delete shipping methods...
CVE-2022-34773
Tabit - HTTP Method manipulation. https://bridge.tabit.cloud/configuration/addresses-query - can be POST-ed to add addresses to the DB. This is an example of OWASP:API8 – Injection...
Design/Logic Flaw
Tabit - HTTP Method manipulation. https://bridge.tabit.cloud/configuration/addresses-query - can be POST-ed to add addresses to the DB. This is an example of OWASP:API8 – Injection...
CVE-2022-34773 Tabit - HTTP Method manipulation
Tabit - HTTP Method manipulation. https://bridge.tabit.cloud/configuration/addresses-query - can be POST-ed to add addresses to the DB. This is an example of OWASP:API8 – Injection...
CVE-2022-34773
CVE-2022-34773 affects Tabit: HTTP Method manipulation via the endpoint https://bridge.tabit.cloud/configuration/addresses-query. The linked records describe that a POST to this URL can add addresses to the database, classed as OWASP API8 – Injection, indicating input/output handling weaknesses a...
PT-2022-22324 · Tabit · Tabit
Name of the Vulnerable Software and Affected Versions: Tabit (affected versions not specified). Description: The issue concerns HTTP Method manipulation, where the endpoint "https://bridge.tabit.cloud/configuration/addresses-query" can be exploited by sending a POST request to add addresses to the...
CVE-2022-34773
Tabit - HTTP Method manipulation. https://bridge.tabit.cloud/configuration/addresses-query - can be POST-ed to add addresses to the DB. This is an example of OWASP:API8 – Injection...
CVE-2020-26137
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest. NOTE: this is similar to CVE-2020-26116...
CGI Hack finishing-vulnerability warning-the black bar safety net
The general idea: skip the limit, view sensitive files and password-related files. Write the word cgi, into the background try pass webshell (background if the authentication or MD5 over time, you can try to cookies spoofing, local submit, and look for the executable in the directory and the...