376 matches found

Prion
added 2017/08/06 3:29 a.m., 10 views

Cross site request forgery (csrf)

There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile including the password can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete account takeover, via the...

CVSS 6.8 | AI score 8.6 | EPSS 0.00177
Exploits: 1 | References: 1 | Affected Software: 1
Prion
added 2017/07/30 6:29 p.m., 12 views

Code injection

In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=configupload, and then using user.php/music/add/ to upload the code...

CVSS 6 | AI score 7 | EPSS 0.00305
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2017/07/30 6:00 p.m., 14 views

CVE-2017-11756

In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=configupload, and then using user.php/music/add/ to upload the code...

AI score 7.1 | EPSS 0.00305
Exploits: 0 | References: 1
Prion
added 2017/03/23 8:59 p.m., 13 views

Cross site request forgery (csrf)

The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to...

CVSS 6.8 | AI score 8.5 | EPSS 0.00128
Exploits: 0 | References: 4 | Affected Software: 1
UbuntuCve
added 2017/03/23 8:59 p.m., 8 views

CVE-2015-8624

The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to...

CVSS 8.8 | AI score 7.2 | EPSS 0.00116
Exploits: 0 | References: 2
UbuntuCve
added 2017/03/23 8:59 p.m., 15 views

CVE-2015-8623

The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different...

CVSS 8.8 | AI score 7.2 | EPSS 0.00128
Exploits: 0 | References: 2
Prion
added 2017/03/23 8:59 p.m., 10 views

Cross site request forgery (csrf)

The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different...

CVSS 6.8 | AI score 8.5 | EPSS 0.00128
Exploits: 0 | References: 5 | Affected Software: 1
NVD
added 2017/03/23 8:59 p.m., 10 views

CVE-2015-8623

The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different...

CVSS 8.8 | AI score 8.6 | EPSS 0.00128
Exploits: 0 | References: 5
Openbugbounty
added 2016/11/05 6:50 p.m., 9 views

services.sportium.es XSS vulnerability

Vulnerable URL: https://services.sportium.es/sportium/gestor-promo-apuestas-vip/user.php?callback=prompt/OPENBUGBOUNTY/...

AI score 6.9
Exploits: 0
CNVD
added 2016/11/02 12:00 a.m., 0 views

hdwiki user.php SQL Injection Vulnerability

HDwiki, an interactive open-source wiki system, is a free wiki-building system launched by Interactive Online (Beijing) Technology Co., Ltd. A SQL injection vulnerability exists in hdwiki user.php, which allows attackers to exploit the vulnerability to obtain sensitive information from the...

AI score 7.6
Exploits: 0
seebug.org
added 2016/06/10 12:00 a.m., 35 views

HDWiki 5.1 /control/user.php and one other location: 2 SQL injection vulnerabilities

HDWiki description: the interactive open-source wiki system HDWiki is China's first Chinese wiki system with independent intellectual property rights, officially launched by Interactive Online (Beijing) Technology Co., Ltd. on 28 November 2006, and strives for domestic and foreign man...

AI score 8.1
Exploits: 0
seebug.org
added 2016/03/29 12:00 a.m., 8 views

phpshe v1.1 user.php SQL injection

No description provided by source...

AI score 7.1
Exploits: 0
CNVD
added 2016/01/07 12:00 a.m., 2 views

MediaWiki 'includes/User.php' Security Bypass Vulnerability

MediaWiki is a free web-based wiki engine developed and maintained by the Wikimedia Foundation and MediaWiki volunteers, which can be used to deploy in-house knowledge management and content management systems. A security bypass vulnerability exists in MediaWiki. An attacker could use th...

CVSS 8.8 | AI score 9.2 | EPSS 0.00128
Exploits: 0 | References: 1
Openbugbounty
added 2015/10/26 7:41 a.m., 13 views

mpa-pro.fr XSS vulnerability

Vulnerable URL: http://www.mpa-pro.fr/auth.php?redirect=%2Fuser.php Details: Patched: Yes, at 06.12.2015; Latest check for patch: 06.12.2015 01:39 GMT; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 1107271; Google Pagerank: 1; VIP website...

AI score 6.3
Exploits: 0
Openbugbounty
added 2015/10/22 7:42 a.m., 9 views

bcconsul.ru XSS vulnerability

Vulnerable URL: http://www.bcconsul.ru/bbs/user.php?EMAIL=--!%3E%22%3E%3C/script%20%3E%3Ciframe/onload=alert%28/XSSPOSED/%29%3E=vjkjrj Details: Patched: No; Latest check for patch: 25.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank...

AI score 6.3
Exploits: 0
seebug.org
added 2015/09/07 12:00 a.m., 12 views

ECShop 2.5 /user.php SQL injection

No description provided by source...

AI score 7.1
Exploits: 0
NVD
added 2015/06/01 7:59 p.m., 10 views

CVE-2015-2271

tag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/tag:flag capability before proceeding with a flaginappropriate action, which allows remote authenticated users to bypass intended access restrictions via the "Flag as...

CVSS 4 | AI score 6 | EPSS 0.00207
Exploits: 0 | References: 3
seebug.org
added 2015/06/01 12:00 a.m., 409 views

UCenter 1.6.0 /control/admin/user.php CAPTCHA bypass vulnerability

No description provided by source...

AI score 7.1
Exploits: 0
seebug.org
added 2015/04/20 12:00 a.m., 24 views

An SQL injection in the latest version of mcms

Brief description: An SQL injection in the latest version of mcms. Details: The developers at Zhangyi Technology reacted quite quickly; they fixed the vulnerability the same day it was confirmed and then released a new version. The new mcms release handled the several vulnerabilities previously reported on wooyun, and v3.1.3.enterprise was published, so it is worth another look. One injection: /app/public/user.php?m=recharge&ajax=1, where the POST parameter params is injectable. function mrecharge global $dbm; checklevel'C0503',AJAX; $fields = array;...

AI score 7
Exploits: 0
seebug.org
added 2015/04/15 12:00 a.m., 16 views

ECSHOP 2.7.2 /mobile/user.php SQL injection vulnerability

No description provided by source...

AI score 7.1
Exploits: 0