3 matches found
CVE-2026-59190
Grav plugin: grav-plugin-admin is affected. In versions ≤1.10.52, an authenticated user with admin.users permission can escalate privileges by altering another user’s password via POST to /admin/user/{username}?task=save with data[password]. The vulnerability stems from saveUser validating the ca...
CVE-2021-27963
SonLogger before 6.4.1 is affected by user creation with any user permissions profile e.g., SuperAdmin. An anonymous user can send a POST request to /User/saveUser without any authentication or session header...
SonLogger 访问控制错误漏洞
Sonlogger is a Turkish Sonlogger company's application. It provides firewall log analysis and location capabilities. A security vulnerability exists in SonLogger before 6.4.1 that allows unauthenticated uploads of arbitrary files An attacker can send a POST request to /User/saveUser without any...