147 matches found
PT-2026-6547
Name of the Vulnerable Software and Affected Versions Quick.Cart version 6.7 Quick.Cart affected versions not specified Description User passwords are stored in plaintext. An attacker with high privileges can view user passwords on the user editing page. The vendor was notified of this issue but...
PT-2026-5034
Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 7.0.4 Description OpenEMR is an electronic health records and medical practice management application. A broken access control exists in the Profile Edit endpoint. An authenticated user can modify request parameters...
CVE-2025-66385
UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges e.g., obtain a higher role such as admin via the user-edit endpoint by supplying or modifying roleid or organisationid fields in the edit request...
CVE-2025-66385
UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges e.g., obtain a higher role such as admin via the user-edit endpoint by supplying or modifying roleid or organisationid fields in the edit request...
CVE-2025-66385
UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges e.g., obtain a higher role such as admin via the user-edit endpoint by supplying or modifying roleid or organisationid fields in the edit request...
PT-2025-48317
Name of the Vulnerable Software and Affected Versions Cerebrate versions prior to 1.30 Description The UsersController::edit function in Cerebrate allows an authenticated, non-privileged user to escalate their privileges, potentially obtaining a higher role such as administrator. This is achieved...
CVE-2025-66385
UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges e.g., obtain a higher role such as admin via the user-edit endpoint by supplying or modifying roleid or organisationid fields in the edit request...
CVE-2025-13257
A security vulnerability has been detected in itsourcecode Inventory Management System 1.0. The affected element is an unknown function of the file /admin/user/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has be...
Inventory Management System SQL注入漏洞
Inventory Management System is an inventory management system by stemword individual developers. A SQL injection vulnerability exists in Inventory Management System version 1.0, which originates from an incorrect manipulation of the parameter ID in the file /admin/user/index.php?view=edit, which...
CVE-2025-12288
A vulnerability was detected in Bdtask Pharmacy Management System up to 9.4. Affected is an unknown function of the file /user/edituser/ of the component User Profile Handler. Performing manipulation results in authorization bypass. Remote exploitation of the attack is possible. The exploit is no...
Bdtask Pharmacy Management System 安全漏洞
Bdtask Pharmacy Management System is a pharmacy management system from Bdtask Bangladesh. A security vulnerability exists in Bdtask Pharmacy Management System version 9.4 and earlier, which stems from an incorrect manipulation of the file /user/edituser, which could lead to authorization bypass...
CVE-2025-11585
A vulnerability was found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /useredit.php. The manipulation of the argument uid results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...
EUVD-2020-23982
Malware in sbrugna...
EUVD-2019-1843
Malware in sbrugna...
EUVD-2019-8023
Malware in sbrugna...
EUVD-2022-49384
Malicious code in bioql PyPI...
EUVD-2025-31389
Malicious code in bioql PyPI...
EUVD-2023-2588
Malicious code in bioql PyPI...
CVE-2025-11041
A vulnerability has been found in itsourcecode Open Source Job Portal 1.0. Affected by this issue is some unknown functionality of the file /admin/user/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit h...
CVE-2025-11041 itsourcecode Open Source Job Portal index.php sql injection
A vulnerability has been found in itsourcecode Open Source Job Portal 1.0. Affected by this issue is some unknown functionality of the file /admin/user/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit h...