Weak Password Recovery Mechanism for Forgotten Password
Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password via the updatePassword process. An attacker can gain unauthorized access to any user account,...
Weak Password Recovery Mechanism for Forgotten Password
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password via the updatePassword function. An attacker can enumerate valid user accounts and forcibly chan...
CVE-2026-7144
The CVE-2026-7144 entry concerns the 1000 Projects Portfolio Management System MCA 1.0. The vulnerability affects the file update_passwd_process.php, where manipulating the argument temp_user yields an authorization bypass. The vulnerability can be exploited remotely and, per the sources, the exp...
1000 Projects Portfolio Management System MCA Authorization Issue Vulnerability
The 1000 Projects Portfolio Management System MCA is an open-source portfolio management system developed by 1000 Projects. Version 1.0 of the 1000 Projects Portfolio Management System MCA has a vulnerability related to authorization. This vulnerability stems from improper handling of the...
CVE-2026-40352 FastGPT: NoSQL Injection in updatePasswordByOld Leads to Account Takeover
FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the "old password" verification by injecting MongoDB query operators. This allows an attacker who has gained a low-privilege...
CVE-2026-36236
SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in updatepassword.php via the newpassword parameter...
PT-2026-31931
SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in update_password.php via the new_password parameter...
CVE-2026-36236
SourceCodester Engineers Online Portal v1.0 is vulnerable to an SQL Injection in update_password.php through the new_password parameter. The root cause is a vulnerable input path in update_password.php that fails to sanitize user-supplied data. The description does not provide exploit details, af...
CVE-2025-14696
A vulnerability was identified in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this vulnerability is an unknown functionality of the file /api/GylOperator/UpdatePasswordBatch. The manipulation leads to weak password recovery. The attack may be...
EUVD-2025-203322
A vulnerability was identified in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this vulnerability is an unknown functionality of the file /api/GylOperator/UpdatePasswordBatch. The manipulation leads to weak password recovery. The attack may be...
Sixun Shanghui Business Management System Authorization Issue Vulnerability
Sixun Shanghui Business Management System is a group business management system from Sixun, a Chinese company. An authorization issue vulnerability exists in Sixun Shanghui Business Management System version 4.10.24.3, which stems from a weak password recovery issue in...
PT-2025-51184
A vulnerability was identified in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this vulnerability is an unknown functionality of the file /api/GylOperator/UpdatePasswordBatch. The manipulation leads to weak password recovery. The attack may be...
PT-2025-37325
Name of the Vulnerable Software and Affected Versions: iteachyou Dreamer CMS versions through 4.1.3.2 Description: A weakness exists in iteachyou Dreamer CMS related to weak password requirements during some unknown processing of the file /admin/user/updatePwd. Remote exploitation is possible, bu...
Use of Default Credentials
Overview Affected versions of this package are vulnerable to Use of Default Credentials for the admin account. An attacker can gain full administrative access by using the default credentials if the password is not changed after deployment. Workaround This vulnerability can be mitigated by loggin...
Car Rental Project Session Hijacking Vulnerability
Car Rental Project is a car rental program. Car Rental Project suffers from a session hijacking vulnerability that stems from the /carrental/update-password.php component not properly terminating a session. No details of the vulnerability are provided at this time...
CVE-2025-50486
Improper session invalidation in the component /carrental/update-password.php of PHPGurukul Car Rental Project v3.0 allows attackers to execute a session hijacking attack...
PT-2025-31148 · Unknown · Phpgurukul Car Rental Project
Name of the Vulnerable Software and Affected Versions: PHPGurukul Car Rental Project version 3.0 Description: Improper session invalidation in the /carrental/update-password.php component allows attackers to execute a session hijacking attack. Recommendations: Address the session invalidation iss...
PHPGurukul Car Rental Project Security Vulnerability
Car Rental Project is a car rental program. Car Rental Project suffers from a session hijacking vulnerability that stems from the /carrental/update-password.php component not properly terminating a session. No details of the vulnerability are provided at this time...