219 matches found

RedhatCVE
added 2025/05/23 4:2 a.m. · 12 views

CVE-2023-46773

Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability may cause privilege escalation...

9.8 CVSS · 7 AI score · 0.00519 EPSS
Exploits 0

RedhatCVE
added 2025/05/22 6:47 p.m. · 7 views

CVE-2021-40049

There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being obtained without authorization...

7.5 CVSS · 6.4 AI score · 0.00741 EPSS
Exploits 0

CNNVD
added 2025/01/26 12:0 a.m. · 3 views

WordPress plugin VikBooking Hotel Booking Engine & PMS cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.8 CVSS · 8.8 AI score · 0.00334 EPSS
Exploits 0 · References 2

Packet Storm
added 2024/08/31 12:0 a.m. · 278 views

CVE-2024-20767 Adobe Coldfusion Arbitrary File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CVE-2024-20767 - Adobe Coldfusion Arbitrary File Read', 'Description' = %q This module exploits an Improper Access Vulnerability in Adobe...

7.4 CVSS · 7 AI score · 0.98514 EPSS
Exploits 7

Packet Storm
added 2024/07/08 12:0 a.m. · 247 views

PMS 2024 1.0 SQL Injection

Titles: PMS-2024 - PHP by: oretnom23 v1.0 Multiple SQLi; Author: nu11secur1ty; Date: 07/06/2024; Vendor: https://github.com/oretnom23; Software: https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html; Reference: https://portswigger.net/web-security/sql-injection...

7.4 AI score
Exploits 0

OSV
added 2024/05/14 2:23 p.m. · 6 views

CVE-2023-52719

Privilege escalation vulnerability in the PMS module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

5.5 CVSS · 5.8 AI score · 0.00164 EPSS
Exploits 0 · References 2

NVD
added 2024/05/14 2:23 p.m. · 15 views

CVE-2023-52719

Privilege escalation vulnerability in the PMS module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

7.1 CVSS · 7.1 AI score · 0.00164 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/05/11 9:58 a.m. · 18 views

CVE-2023-52719

Privilege escalation vulnerability in the PMS module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

7.1 CVSS · 7.2 AI score · 0.00164 EPSS
Exploits 0 · References 2

CVE
added 2024/05/11 9:58 a.m. · 41 views

CVE-2023-52719

Technical details about CVE-2023-52719 are not publicly provided in the supplied documents. References mention a privilege-escalation in the PMS module but do not disclose affected products, versions, root cause, or fixes. Monitor for updates.

7.1 CVSS · 7.1 AI score · 0.00164 EPSS
Exploits 0 · References 2 · Affected Software 2

Cvelist
added 2024/05/11 9:58 a.m. · 19 views

CVE-2023-52719

Privilege escalation vulnerability in the PMS module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

7.1 CVSS · 7.3 AI score · 0.00164 EPSS
Exploits 0 · References 2

CVE
added 2024/05/10 6:0 a.m. · 73 views

CVE-2024-2441

CVE-2024-2441 (VikBooking plugin): The VikBooking Hotel Booking Engine & PMS for WordPress (before 1.6.8) suffers an insecure direct object reference (IDOR) flaw in its access control, allowing an authenticated user with subscriber privileges or higher to directly access menus and plugin setting...

8.1 CVSS · 6.5 AI score · 0.0061 EPSS
Exploits 2 · References 1 · Affected Software 1

Metasploit
added 2024/05/03 7:55 p.m. · 286 views

CVE-2024-20767 - Adobe Coldfusion Arbitrary File Read

This module exploits an Improper Access Vulnerability in Adobe Coldfusion versions prior to version '2023 Update 6' and '2021 Update 12'. The vulnerability allows unauthenticated attackers to request authentication token in the form of a UUID from the /CFIDE/adminapi/servermanager/servermanager.c...

7.4 CVSS · 7.5 AI score · 0.98514 EPSS
Exploits 7

BDU FSTEC
added 2024/05/02 12:0 a.m. · 7 views

The vulnerability of the PMS module of the EMUI operating system of HarmonyOS allows a hacker to elevate their privileges.

The vulnerability of the PMS module of the EMUI operating system of HarmonyOS is related to incorrect default permissions. Exploiting this vulnerability can allow a remote attacker to increase their privileges within the system...

10 CVSS · 7.8 AI score · 0.00519 EPSS
Exploits 0 · References 3 · Affected Software 2

Vulnrichment
added 2024/04/18 9:57 a.m. · 12 views

CVE-2024-32563 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VikBooking Hotel Booking Engine & PMS allows Reflected XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.6.7...

7.1 CVSS · 6.9 AI score · 0.00394 EPSS
Exploits 0 · References 1

Cvelist
added 2024/04/18 9:57 a.m. · 22 views

CVE-2024-32563 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VikBooking Hotel Booking Engine & PMS allows Reflected XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.6.7...

7.1 CVSS · 7.1 AI score · 0.00394 EPSS
Exploits 0 · References 1

Patchstack
added 2024/04/16 12:0 a.m. · 8 views

WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.6.7 is vulnerable to Cross Site Scripting (XSS)

Software: VikBooking Hotel Booking Engine & PMS; Type: Plugin; Vulnerable versions: <= 1.6.7; Fixed in: 1.6.8; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32563; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: ef5a73c65f96; Credits: Majed Refa...

7.1 CVSS · 6.5 AI score · 0.00394 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2024/02/22 5:45 p.m. · 22 views

CVE-2024-24817 User can see invitees in events created in PMs and private categories

Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Prior to version 0.4, event invitees created in topics in private categories or PMs (private messages) can be retrieved by anyone, even if they're not logg...

4.3 CVSS · 4.8 AI score · 0.00419 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/02/20 6:56 p.m. · 12 views

CVE-2024-1389 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via pms_stripe_connect_handle_authorization_return

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all versions up to, and...

5.3 CVSS · 6.7 AI score · 0.00519 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/02/20 12:0 a.m. · 5 views

PT-2024-18001 · WordPress · Paid Membership Subscriptions

Name of the Vulnerable Software and Affected Versions: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress versions up to, and including, 2.11.1. Description: The issue allows unauthorized modification of data due to a missing...

5.3 CVSS · 6.1 AI score · 0.00519 EPSS
Exploits 0 · References 6

NVD
added 2023/12/06 9:15 a.m. · 25 views

CVE-2023-46773

Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability may cause privilege escalation...

9.8 CVSS · 0.00519 EPSS
Exploits 0 · References 2