148 matches found
OvalEdge 安全漏洞
OvalEdge is a solution from US-based OvalEdge that helps users create, manage and use data from a variety of sources through AI and human intelligence. A security vulnerability exists in OvalEdge version 5.2.8.0 and earlier, which stems from a POST request to /profile/updateProfile via the userId...
CVE-2023-7288
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the updateprofilepreference function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...
WordPress plugin Paytium: Mollie payment forms & donations 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...
PT-2024-15269 · WordPress · The Paytium: Mollie Payment Forms & Donations
Name of the Vulnerable Software and Affected Versions: The Paytium: Mollie payment forms & donations plugin for WordPress versions up to, and including, 4.3.7 Description: The issue allows unauthorized data modification due to a missing capability check on the update profile preference function...
Online Notice Board System 1.0 Arbitrary File Upload
============================================================================================================================================= | Title : Online Notice Board System project 1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozil...
CVE-2024-8242
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateuserprofile function in all versions up to, and including, 4.15.3. This makes it possible for authenticated attackers, with...
U.S. Dept Of Defense: Email Takeover leads to permanent account deletion
The security vulnerability found allowed an attacker to change the email address of a victim's account, leading to the permanent deletion of the victim's account. The vulnerability was caused by improper authentication on the change email functionality...
CVE-2023-50760
Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/updateprofilepic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application...
CVE-2023-50753
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/updateprofile.php resource does not validate the characters received and they are sent unfiltered to the database...
Online Notice Board System Code Issue Vulnerability
Online Notice Board System is an online bulletin board system. A security vulnerability exists in version v1.0 of the Online Notice Board System, which stems from an insecure file upload vulnerability in the f parameter of the user/updateprofilepic.php page...
PT-2024-13967 · Unknown · Online Notice Board System
Name of the Vulnerable Software and Affected Versions: Online Notice Board System version 1.0 Description: The issue is related to an Insecure File Upload vulnerability. This vulnerability is located in the f parameter of the "user/update profile pic.php" page, allowing an authenticated attacker ...
Online Notice Board System SQL Injection Vulnerability
Online Notice Board System is an online bulletin board system. A SQL injection vulnerability exists in the v1.0 version of Online Notice Board System, which occurs when the dd parameter of the user/updateprofile.php page is processed without filtering the data and sending it to the database for...
Cross site scripting
Cross Site Scripting XSS in updateprofile.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'rename', 'remail', 'rphone' and 'rcity' parameters...
CVE-2023-46020
Cross Site Scripting XSS in updateprofile.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'rename', 'remail', 'rphone' and 'rcity' parameters...
Tutor LMS < 2.3.0 - Subscriber+ Stored Cross-Site Scripting
Description The plugin does not sanitise and escape some of its settings, which could allow users such as subscriber to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Register a student account and go to the...
WordPress plugin Premium Packages - Sell Digital Products Securely Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
YznCMS 跨站请求伪造漏洞
YznCMS is a backend development framework. A cross-site request forgery vulnerability exists in YznCMS v1.1.0, which stems from insufficiently verifying that a request comes from a trusted user in /public/admin/profile/update.html. An attacker could exploit this vulnerability by constructing a PO...
WordPress Plugin MStore API 访问控制错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
CVE-2022-48091
Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting XSS via processupdateprofile.php...
CVE-2022-48091
Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting XSS via processupdateprofile.php...