219 matches found
CVE-2023-46773
Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability may cause privilege escalation...
CVE-2021-40049
There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being obtained without authorization...
WordPress plugin VikBooking Hotel Booking Engine & PMS 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2024-20767 Adobe Coldfusion Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CVE-2024-20767 - Adobe Coldfusion Arbitrary File Read', 'Description' = %q This module exploits an Improper Access Vulnerability in Adobe...
PMS 2024 1.0 SQL Injection
Titles: PMS-2024 - PHP by: oretnom23 v1.0 Multiple SQLi Author: nu11secur1ty Date: 07/06/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html Reference: https://portswigger.net/web-security/sql-injection...
CVE-2023-52719
Privilege escalation vulnerability in the PMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2023-52719
Privilege escalation vulnerability in the PMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2023-52719
Privilege escalation vulnerability in the PMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2023-52719
Technical details about CVE-2023-52719 are not publicly provided in the supplied documents. References mention a privilege-escalation in the PMS module but do not disclose affected products, versions, root cause, or fixes. Monitor for updates.
CVE-2023-52719
Privilege escalation vulnerability in the PMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2024-2441
CVE-2024-2441 (VikBooking plugin) : The VikBooking Hotel Booking Engine & PMS for WordPress (before 1.6.8) suffers an insecure direct object reference (IDOR) flaw in its access control, allowing an authenticated user with subscriber privileges or higher to directly access menus and plugin setting...
CVE-2024-20767 - Adobe Coldfusion Arbitrary File Read
This module exploits an Improper Access Vulnerability in Adobe Coldfusion versions prior to version '2023 Update 6' and '2021 Update 12'. The vulnerability allows unauthenticated attackers to request authentication token in the form of a UUID from the /CFIDE/adminapi/servermanager/servermanager.c...
The vulnerability of the PMS module of the EMUI operating system of HarmonyOS allows a hacker to elevate their privileges.
The vulnerability of the PMS module of the EMUI operating system of HarmonyOS is related to incorrect default permissions. Exploiting this vulnerability can allow a remote attacker to increase their privileges within the system...
CVE-2024-32563 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VikBooking Hotel Booking Engine & PMS allows Reflected XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.6.7...
CVE-2024-32563 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VikBooking Hotel Booking Engine & PMS allows Reflected XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.6.7...
WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.6.7 is vulnerable to Cross Site Scripting (XSS)
Software VikBooking Hotel Booking Engine & PMS Type Plugin Vulnerable versions = 1.6.7 Fixed in 1.6.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32563 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ef5a73c65f96 Credits Majed Refa...
CVE-2024-24817 User can see invitees in events created in PMs and private categories
Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Prior to version 0.4, event invitees created in topics in private categories or PMs private messages can be retrieved by anyone, even if they're not logg...
CVE-2024-1389 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via pms_stripe_connect_handle_authorization_return
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmsstripeconnecthandleauthorizationreturn function in all versions up to, and...
PT-2024-18001 · WordPress · Paid Membership Subscriptions
Name of the Vulnerable Software and Affected Versions: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress versions up to, and including, 2.11.1 Description: The issue allows unauthorized modification of data due to a missing...
CVE-2023-46773
Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability may cause privilege escalation...