50 matches found
PHPGurukul Car Rental Project 安全漏洞
Car Rental Project is a car rental program. Car Rental Project suffers from a session hijacking vulnerability that stems from the /carrental/update-password.php component not properly terminating a session. No details of the vulnerability are provided at this time...
PT-2025-31148 · Unknown · Phpgurukul Car Rental Project
Name of the Vulnerable Software and Affected Versions: PHPGurukul Car Rental Project version 3.0 Description: Improper session invalidation in the /carrental/update-password.php component allows attackers to execute a session hijacking attack. Recommendations: Address the session invalidation iss...
CVE-2025-7859
A vulnerability classified as critical was found in code-projects Church Donation System 1.0. This vulnerability affects unknown code of the file /members/updatepasswordadmin.php. The manipulation of the argument newpassword leads to sql injection. The attack can be initiated remotely. The exploi...
CVE-2025-7859 code-projects Church Donation System update_password_admin.php sql injection
A vulnerability classified as critical was found in code-projects Church Donation System 1.0. This vulnerability affects unknown code of the file /members/updatepasswordadmin.php. The manipulation of the argument newpassword leads to sql injection. The attack can be initiated remotely. The exploi...
CVE-2025-7859
The CVE-2025-7859 entry concerns code-projects Church Donation System 1.0. A SQL injection vulnerability exists in the file /members/update_password_admin.php triggered by manipulating the new_password parameter. The vulnerability is exploitable remotely, and exploits have been disclosed publicly...
Code-Projects Church Donation System 安全漏洞
The Church Donation System is a system of church giving. The Church Donation System suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter newpassword in the file /members/updatepasswordadmin.php against an externally entered SQL statement. An...
CVE-2023-48253
The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their...
CVE-2021-37393
In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Attacker can use "update password" function to inject XSS payloads into nickname variable, and achieve stored XSS. Users who view the articles published by the injected user will trigger the...
CVE-2025-40624
SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘User’ and...
SUSE-SU-2024:4284-1 Security update for curl
This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak in curl used for the first host to the followed-to host under certain circumstances bsc1234068...
CVE-2022-30358
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required...
PT-2024-21368 · Cegid · Cegid Meta4 Hr
Name of the Vulnerable Software and Affected Versions: Cegid Meta4 HR affected versions not specified Description: An Unrestricted Upload of File issue allows an attacker to upload malicious files to the server via the "/config/espanol/update password.jsp" file. By modifying the M4 NEW PASSWORD...
PT-2023-31077 · WordPress · Login With Phone Number Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: Login with phone number plugin for WordPress versions up to, and including, 1.5.6 Description: The issue is related to Cross-Site Request Forgery due to missing nonce validation on the lwp update password action function. This allows...
File Tracker Manager System SQL注入漏洞
File Tracker Manager System is a file tracker manager system. File Tracker Manager System v1.0 suffers from a SQL injection vulnerability, which originates from the lack of validation of the parameter newpassword in the file register/updatepassword.php against externally entered SQL statements. A...
CVE-2023-0674 XXL-JOB New Password updatePwd cross-site request forgery
A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely...
XXL-JOB 跨站请求伪造漏洞
XXL-JOB is a distributed task scheduling platform based on java language from XU Xueli XXL-JOB community. A cross-site request forgery vulnerability exists in XXL-JOB version 2.3.1, which stems from some unknown functionality in the file /user/updatePwd of the component New Password Handler,...
PT-2023-16444 · Xxl-Job · Xxl-Job
Name of the Vulnerable Software and Affected Versions: XXL-JOB version 2.3.1 Description: A vulnerability has been found in the New Password Handler component, specifically affecting some unknown functionality of the file /user/updatePwd. This issue leads to cross-site request forgery and can be...
Exploit for Code Injection in Moodle
CVE-2021-36394 Update table or Change password Admin: C...
CVE-2021-37393
In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Attacker can use "update password" function to inject XSS payloads into nickname variable, and achieve stored XSS. Users who view the articles published by the injected user will trigger the...
CVE-2021-37393
In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Attacker can use "update password" function to inject XSS payloads into nickname variable, and achieve stored XSS. Users who view the articles published by the injected user will trigger the...