6 matches found
EUVD-2026-41805
A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...
EUVD-2021-26707
Malware in sbrugna...
CuppaCMS Elevation of Privilege Vulnerability
CuppaCMS is a Content Management System CMS. An elevation of privilege vulnerability exists in CuppaCMS, which stems from a faulty programmatic call to a high-level native procedure. An authenticated attacker uses the usergroupidfield parameter to gain escalated privileges via a crafted POST...
CVE-2021-3376
An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the usergroupidfield parameter...
SUSE-SU-2020:3094-1 Security update for pacemaker
This update for pacemaker fixes the following issues: - attrd: handle shutdown more cleanly bsc1173668 - executor: restrict certain IPC requests to Pacemaker daemons CVE-2020-25654, bsc1177916 - extra: quote shell variables in agent code where appropriate bsc1175557 - fencer: restrict certain IPC...
K-iwi Framework SQL Injection Vulnerability
K-iwi Framework is an open source application development framework developed using PHP. A SQL injection vulnerability exists in K-iwi Framework version 1775. A remote attacker can exploit this vulnerability by sending the 'usergroupid' parameter or the 'userid' parameter to admin/user/group/upda...