
188 matches found

CNVD
added 2020/09/04 12:00 a.m., 3 views

xxl-job Information Disclosure Vulnerability

xxl-job is a distributed task scheduling platform with core design goals of rapid development, simple learning, lightweight, and easy scalability. An information disclosure vulnerability exists in xxl-job 2.2.0, which can be exploited by an attacker to obtain username, model, and password...

CVSS 7.5, AI score 6.5, EPSS 0.01154
Exploits 0, References 1
NVD
added 2020/03/06 7:15 p.m., 12 views

CVE-2020-9456

In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users with minimal privileges to elevate their privileges to administrator via classrmusercontroller.php rmuseredit...

CVSS 8.8, AI score 8.4, EPSS 0.02511
Exploits 1, References 3
Cvelist
added 2020/03/06 6:54 p.m., 12 views

CVE-2020-9456

In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users with minimal privileges to elevate their privileges to administrator via classrmusercontroller.php rmuseredit...

AI score 8.4, EPSS 0.02511
Exploits 1, References 3
Github Security Blog
added 2019/07/26 4:10 p.m., 33 views

SQL Injection in marginalia

marginalia 1.6 is affected by SQL injection. The impact is an injection of arbitrary SQL queries when a user-controlled argument is added as a component. This issue affects users that add a user-controlled component, for instance a parameter or a header. The attack vector is inputting SQL to...

CVSS 9.8, AI score 3.7, EPSS 0.01381
Exploits 0, References 4, Affected Software 1
RubySec
added 2019/07/26 12:00 a.m., 20 views

SQL injection vulnerability via Marginalia::Comment

The 'marginalia' gem is affected by a SQL injection vulnerability. All SQL queries are affected when a user-controlled argument is added as a component. This affects users that add a user-controlled component, for instance a parameter or a header. The issue is resolved in version 1.6...

CVSS 9.8, AI score 3.8, EPSS 0.01381
Exploits 0, References 1, Affected Software 1
Veracode
added 2019/07/25 12:55 p.m., 16 views

SQL Injection

marginalia is vulnerable to SQL injection when a user-controlled value (for instance a header or HTTP parameter) is added as a comment component. An attacker might be able to inject SQL through such a vector or alter existing SQL statements, which would modify the database...

CVSS 9.8, AI score 9.3, EPSS 0.01381
Exploits 0, References 3, Affected Software 1
OSV
added 2019/07/24 2:15 p.m., 12 views

CVE-2019-1010191

marginalia 1.6 is affected by SQL injection. The impact is an injection of arbitrary SQL queries when a user-controlled argument is added as a component. Affected component: users that add a user-controlled component, for instance a parameter or a header. The attack vector...

CVSS 9.8, AI score 7.6
Exploits 0, References 1
NVD
added 2019/07/24 2:15 p.m., 14 views

CVE-2019-1010191

marginalia 1.6 is affected by SQL injection. The impact is an injection of arbitrary SQL queries when a user-controlled argument is added as a component. Affected component: users that add a user-controlled component, for instance a parameter or a header. The attack vector...

CVSS 9.8, AI score 9.7, EPSS 0.01381
Exploits 0, References 1
Prion
added 2019/07/24 2:15 p.m., 12 views

SQL injection

marginalia 1.6 is affected by SQL injection. The impact is an injection of arbitrary SQL queries when a user-controlled argument is added as a component. Affected component: users that add a user-controlled component, for instance a parameter or a header. The attack vector...

CVSS 7.5, AI score 9.7, EPSS 0.01381
Exploits 0, References 1, Affected Software 1
Cvelist
added 2019/07/24 1:10 p.m., 16 views

CVE-2019-1010191

marginalia 1.6 is affected by SQL injection. The impact is an injection of arbitrary SQL queries when a user-controlled argument is added as a component. Affected component: users that add a user-controlled component, for instance a parameter or a header. The attack vector...

AI score 9.8, EPSS 0.01381
Exploits 0, References 1
CVE
added 2019/07/24 1:10 p.m., 137 views

CVE-2019-1010191

CVE-2019-1010191 affects the Ruby gem marginalia (and related advisories) before version 1.6. The vulnerability is SQL injection: if a user-controlled argument is used as a component (e.g., a parameter or header), an attacker can inject arbitrary SQL queries via a vulnerable vector (header, HTTP ...

CVSS 9.8, AI score 9.6, EPSS 0.01381
Exploits 0, References 1, Affected Software 1
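The marginalia entries above all describe one mechanism: the gem appends a `/*...*/` comment to each query, and when a component of that comment comes from the request (a header or parameter), a value containing `*/` closes the comment early and whatever follows is parsed as SQL. The Ruby below is an added illustration written for this page, not the gem's own code; the function names and the `request_id` component are hypothetical. It shows the breakout and a sanitizer that strips comment delimiters until none remain, since a single pass can leave a fresh `*/` behind.

```ruby
# Added illustration of the marginalia-style SQL comment injection; this is
# not the gem's own code. Function and component names are hypothetical.

# Appends a /*key:value,...*/ annotation to a statement, the way query
# annotation libraries tag SQL with request metadata for log correlation.
def annotate_query(sql, components)
  body = components.map { |k, v| "#{k}:#{v}" }.join(",")
  "#{sql} /*#{body}*/"
end

# Unsafe: the request-supplied value goes in untouched. A value containing
# "*/" closes the comment early and everything after it is parsed as SQL.
def annotate_query_unsafe(sql, request_id)
  annotate_query(sql, "application" => "demo", "request_id" => request_id)
end

# Strips comment delimiters repeatedly. One pass is not enough: removing the
# inner "*/" from "**//" leaves a fresh "*/", so loop until none remain.
def escape_sql_comment(value)
  str = value.to_s.dup
  while str.include?("/*") || str.include?("*/")
    str = str.gsub("/*", "").gsub("*/", "")
  end
  str
end

# Safe: every request-supplied component is escaped before interpolation.
def annotate_query_safe(sql, request_id)
  annotate_query(sql, "application" => "demo",
                      "request_id" => escape_sql_comment(request_id))
end

# What the database sees after the first comment terminator: an empty string
# means the whole tail stayed inside the comment, anything else is injected SQL.
def text_after_comment(annotated)
  idx = annotated.index("*/")
  return "" if idx.nil?
  annotated[(idx + 2)..-1].strip
end

if __FILE__ == $PROGRAM_NAME
  # Constructed attacker value, e.g. sent in a header the app copies into the comment.
  payload = "abc*/; DROP TABLE users; --"
  puts annotate_query_unsafe("SELECT * FROM posts", payload)
  puts "injected: #{text_after_comment(annotate_query_unsafe('SELECT * FROM posts', payload)).inspect}"
  puts annotate_query_safe("SELECT * FROM posts", payload)
end
```

Stripping delimiters rather than quoting them is the conservative choice here: a comment exists for log correlation only, so losing a few characters from a hostile value costs nothing, whereas any escaping scheme has to be proven correct against every dialect's comment parser.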
Positive Technologies
added 2019/04/08 12:00 a.m., 31 views

PT-2019-12140 · ThinkAdmin

Vulnerable software and affected versions: ThinkAdmin 4.0. Description: the applicationadmincontrollerUser.php file in ThinkAdmin V4.0 does not invalidate an administrator's cookie-based credentials after a password change, so the old credentials remain usable. This...

CVSS 9.8, AI score 9.3, EPSS 0.01394
Exploits 1, References 4
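The ThinkAdmin entry above is a session-invalidation failure: a credential cookie keeps working after the password it was issued under has changed. The Ruby below is an added illustration written for this page, not ThinkAdmin's code, showing one standard remedy: bind the cookie to a per-account password version and bump the version on every password change, so every previously issued cookie fails verification. The user table, key and function names are constructed for the demo, and SHA-256 stands in for a real password hash only to keep the block short.

```ruby
require "openssl"
require "digest"

# Added illustration, not ThinkAdmin's code: a login cookie that stops
# validating as soon as the account's password changes. Names are hypothetical.

# Constructed in-memory user table: id => { digest:, pw_version: }.
# SHA-256 stands in for a real password hash (bcrypt/argon2) to keep the demo short.
USERS = {}
# Assumed server-side secret; in practice load it from configuration, never hard-code it.
COOKIE_KEY = "constructed-demo-key-not-for-reuse"

def create_user(id, password)
  USERS[id] = { digest: Digest::SHA256.hexdigest(password), pw_version: 1 }
end

# The cookie binds the user id to the password version current at login.
def issue_cookie(id)
  user = USERS.fetch(id)
  payload = "#{id}:#{user[:pw_version]}"
  "#{payload}:#{OpenSSL::HMAC.hexdigest('SHA256', COOKIE_KEY, payload)}"
end

# Constant-time comparison so MAC checking does not leak via timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Valid only if the MAC checks out AND the embedded version is still current.
def cookie_valid?(cookie)
  id, version, mac = cookie.to_s.split(":", 3)
  return false if id.nil? || version.nil? || mac.nil?
  user = USERS[id]
  return false if user.nil?
  expected = OpenSSL::HMAC.hexdigest("SHA256", COOKIE_KEY, "#{id}:#{version}")
  secure_equal?(expected, mac) && version.to_i == user[:pw_version]
end

# Bumping the version is what invalidates every previously issued cookie;
# the missing step in the entry above is exactly this one.
def change_password(id, new_password)
  user = USERS.fetch(id)
  user[:digest] = Digest::SHA256.hexdigest(new_password)
  user[:pw_version] += 1
end
```

Usage: `create_user("admin", "old-pass")`, keep the value of `issue_cookie("admin")`, call `change_password("admin", "new-pass")`, and `cookie_valid?` on the old value now returns false while a freshly issued cookie validates. The same version check also lets an operator force-logout an account without a password change by bumping the counter alone.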
OSV
added 2019/01/02 5:29 p.m., 1 view

CVE-2019-3576

inxedu through 2018-12-24 has a SQL injection vulnerability that can lead to information disclosure via the deleteFaveorite/ PATH_INFO. The vulnerable code location is com.inxedu.os.edu.controller.user.UserControllerdeleteFavorite aka deleteFavorite in...

CVSS 9.8, AI score 7.4
Exploits 0, References 2
OSV
added 2018/12/27 1:29 p.m., 1 view

CVE-2018-20508

CrashFix 1.0.4 has SQL Injection via the Userstatus parameter. This is related to actionIndex in UserController.php, and the protected\models\User.php search function...

CVSS 9.8, AI score 5.8, EPSS 0.01452
Exploits 1, References 1
OSV
added 2018/11/16 6:29 p.m., 2 views

CVE-2018-18794

School Event Management System 1.0 allows CSRF via user/controller.php?action=edit...

CVSS 8.8, AI score 5.8, EPSS 0.02385
Exploits 5, References 2
NVD
added 2018/11/16 6:29 p.m., 22 views

CVE-2018-18794

School Event Management System 1.0 allows CSRF via user/controller.php?action=edit...

CVSS 8.8, AI score 8.7, EPSS 0.02385
Exploits 5, References 2
Cvelist
added 2018/11/16 6:00 p.m., 29 views

CVE-2018-18794

School Event Management System 1.0 allows CSRF via user/controller.php?action=edit...

AI score 8.8, EPSS 0.02385
Exploits 5, References 2
NVD
added 2018/08/30 5:29 a.m., 11 views

CVE-2018-16141

ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in doavatar in \application\User\Controller\ProfileController.class.php via an imgurl parameter with a ..\ sequence. A member user can delete any file on a Windows server...

CVSS 6.5, AI score 6.5, EPSS 0.00939
Exploits 1, References 1
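The ThinkCMF entry above is a path traversal on a delete: the `imgurl` parameter reaches a file operation with `..\` sequences intact, and on Windows the backslash is a directory separator. The Ruby below is an added illustration written for this page, not ThinkCMF's code, showing the containment check such a handler needs: normalise both separators, resolve the path against the upload directory, and refuse anything that lands outside it. The upload root and function names are assumed for the demo.

```ruby
# Added illustration, not ThinkCMF's code: confining a user-supplied image
# path to the upload directory before acting on it. Names are hypothetical.

UPLOAD_ROOT = "/var/www/app/uploads" # assumed base directory

# Returns the absolute path if it resolves under UPLOAD_ROOT, else nil.
# Backslashes are treated as separators before resolving, so a "..\" sequence
# is caught even when the check runs on a platform that does not use "\".
def resolve_upload_path(imgurl, root = UPLOAD_ROOT)
  return nil if imgurl.nil? || imgurl.include?("\0")
  normalized = imgurl.tr("\\", "/")
  # Only relative upload names are expected; absolute, drive-letter and
  # home-directory forms are refused before expansion can interpret them.
  return nil if normalized.start_with?("/", "~") || normalized.match?(%r{\A[A-Za-z]:/})
  candidate = File.expand_path(normalized, root)
  # Require the root as a prefix *with* a trailing separator, so that a sibling
  # directory such as /var/www/app/uploads-old does not pass as "inside".
  return nil unless candidate.start_with?(root + "/")
  candidate
end

# The deletion step the vulnerable handler performed directly on the raw parameter.
# Returns false when the path was refused, true when it was in bounds.
def delete_avatar(imgurl, root = UPLOAD_ROOT)
  path = resolve_upload_path(imgurl, root)
  return false if path.nil?
  File.delete(path) if File.file?(path)
  true
end
```

A stronger variant keys deletions off a database record (the avatar row owned by the current member) and never accepts a filename from the request at all; the containment check above is the minimum when the filename must be accepted.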
Prion
added 2018/08/14 4:29 p.m., 18 views

Session fixation

User sessions of the XS command-line interface (CLI) for SAP HANA Extended Application Services (XS), version 1, advanced server may remain valid for an unintentionally long period. Consequently, a platform user could access controller resources via an active CLI session even after the corresponding...

CVSS 6, AI score 6.7, EPSS 0.01159
Exploits 0, References 3, Affected Software 1
CNVD
added 2017/08/28 12:00 a.m., 1 view

ShopsN v2.0 official release: SQL injection vulnerability in the front-end UserController.class.php file

ShopsN is a free, open-source e-commerce system. The front-end UserController.class.php file in the official ShopsN v2.0 release has a SQL injection vulnerability because the system fails to effectively filter input to the addrdel function. A remote attacker can exploit the vulnerability to obtain sensitive database...

AI score 8
Exploits 0