Lucene search
+L

50 matches found

CNNVD
CNNVD
added 2025/07/28 12:0 a.m.5 views

PHPGurukul Car Rental Project 安全漏洞

Car Rental Project is a car rental program. Car Rental Project suffers from a session hijacking vulnerability that stems from the /carrental/update-password.php component not properly terminating a session. No details of the vulnerability are provided at this time...

7.1CVSS6.8AI score0.00322EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/07/28 12:0 a.m.12 views

PT-2025-31148 · Unknown · Phpgurukul Car Rental Project

Name of the Vulnerable Software and Affected Versions: PHPGurukul Car Rental Project version 3.0 Description: Improper session invalidation in the /carrental/update-password.php component allows attackers to execute a session hijacking attack. Recommendations: Address the session invalidation iss...

7.1CVSS6.7AI score0.00322EPSS
Exploits1References7
OSV
OSV
added 2025/07/20 1:15 a.m.5 views

CVE-2025-7859

A vulnerability classified as critical was found in code-projects Church Donation System 1.0. This vulnerability affects unknown code of the file /members/updatepasswordadmin.php. The manipulation of the argument newpassword leads to sql injection. The attack can be initiated remotely. The exploi...

9.8CVSS5.8AI score0.00394EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/07/20 12:2 a.m.7 views

CVE-2025-7859 code-projects Church Donation System update_password_admin.php sql injection

A vulnerability classified as critical was found in code-projects Church Donation System 1.0. This vulnerability affects unknown code of the file /members/updatepasswordadmin.php. The manipulation of the argument newpassword leads to sql injection. The attack can be initiated remotely. The exploi...

7.5CVSS7.5AI score0.00394EPSS
Exploits1References5
CVE
CVE
added 2025/07/20 12:2 a.m.22 views

CVE-2025-7859

The CVE-2025-7859 entry concerns code-projects Church Donation System 1.0. A SQL injection vulnerability exists in the file /members/update_password_admin.php triggered by manipulating the new_password parameter. The vulnerability is exploitable remotely, and exploits have been disclosed publicly...

9.8CVSS7.6AI score0.00394EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2025/07/19 12:0 a.m.7 views

Code-Projects Church Donation System 安全漏洞

The Church Donation System is a system of church giving. The Church Donation System suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter newpassword in the file /members/updatepasswordadmin.php against an externally entered SQL statement. An...

9.8CVSS8.2AI score0.00394EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:42 a.m.6 views

CVE-2023-48253

The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their...

8.8CVSS7.1AI score0.00869EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 8:54 p.m.8 views

CVE-2021-37393

In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Attacker can use "update password" function to inject XSS payloads into nickname variable, and achieve stored XSS. Users who view the articles published by the injected user will trigger the...

5.4CVSS6.1AI score0.00527EPSS
Exploits1References1
OSV
OSV
added 2025/05/06 11:15 a.m.7 views

CVE-2025-40624

SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘User’ and...

9.8CVSS5.8AI score0.00361EPSS
Exploits0References1
OSV
OSV
added 2024/12/19 10:22 a.m.10 views

SUSE-SU-2024:4284-1 Security update for curl

This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak in curl used for the first host to the followed-to host under certain circumstances bsc1234068...

3.4CVSS4AI score0.01378EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2024/10/25 5:15 p.m.3 views

CVE-2022-30358

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required...

8.8CVSS5.8AI score0.00513EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/03/19 12:0 a.m.6 views

PT-2024-21368 · Cegid · Cegid Meta4 Hr

Name of the Vulnerable Software and Affected Versions: Cegid Meta4 HR affected versions not specified Description: An Unrestricted Upload of File issue allows an attacker to upload malicious files to the server via the "/config/espanol/update password.jsp" file. By modifying the M4 NEW PASSWORD...

9CVSS6.5AI score0.00553EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/09/12 12:0 a.m.11 views

PT-2023-31077 · WordPress · Login With Phone Number Plugin For Wordpress

Name of the Vulnerable Software and Affected Versions: Login with phone number plugin for WordPress versions up to, and including, 1.5.6 Description: The issue is related to Cross-Site Request Forgery due to missing nonce validation on the lwp update password action function. This allows...

8.8CVSS8.5AI score0.00324EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/05/11 12:0 a.m.30 views

File Tracker Manager System SQL注入漏洞

File Tracker Manager System is a file tracker manager system. File Tracker Manager System v1.0 suffers from a SQL injection vulnerability, which originates from the lack of validation of the parameter newpassword in the file register/updatepassword.php against externally entered SQL statements. A...

9.8CVSS8.1AI score0.00726EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/02/04 7:34 a.m.28 views

CVE-2023-0674 XXL-JOB New Password updatePwd cross-site request forgery

A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely...

5CVSS6.6AI score0.00387EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/02/04 12:0 a.m.6 views

XXL-JOB 跨站请求伪造漏洞

XXL-JOB is a distributed task scheduling platform based on java language from XU Xueli XXL-JOB community. A cross-site request forgery vulnerability exists in XXL-JOB version 2.3.1, which stems from some unknown functionality in the file /user/updatePwd of the component New Password Handler,...

6.5CVSS5AI score0.00387EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/02/04 12:0 a.m.6 views

PT-2023-16444 · Xxl-Job · Xxl-Job

Name of the Vulnerable Software and Affected Versions: XXL-JOB version 2.3.1 Description: A vulnerability has been found in the New Password Handler component, specifically affecting some unknown functionality of the file /user/updatePwd. This issue leads to cross-site request forgery and can be...

6.5CVSS4.9AI score0.00387EPSS
Exploits1References9
GithubExploit
GithubExploit
added 2021/08/28 4:21 a.m.317 views

Exploit for Code Injection in Moodle

CVE-2021-36394 Update table or Change password Admin: C...

9.8CVSS8.5AI score0.07034EPSS
Exploits2
NVD
NVD
added 2021/07/26 6:15 p.m.17 views

CVE-2021-37393

In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Attacker can use "update password" function to inject XSS payloads into nickname variable, and achieve stored XSS. Users who view the articles published by the injected user will trigger the...

5.4CVSS0.00527EPSS
Exploits1References2
OSV
OSV
added 2021/07/26 6:15 p.m.5 views

CVE-2021-37393

In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Attacker can use "update password" function to inject XSS payloads into nickname variable, and achieve stored XSS. Users who view the articles published by the injected user will trigger the...

5.4CVSS5.8AI score0.00527EPSS
Exploits1References2
Rows per page
Query Builder