376 matches found
CMSUsina 2.2.3 Cross Site Request Forgery
Title: CMSUsina V2.2.3 CSRF Add Admin Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.332-bit |...
Denial Of Service (DoS)
getkirby/cms is vulnerable to Denial of Service. The vulnerability exists in the validatePassword function in User.php because it does not limit the password length, which can cause CPU and memory resource exhaustion when hashing if the attacker submits a password that's the max size of a...
Cross site scripting
A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file user.php of the component HTTP POST Request Handler. The manipulation of the argument title leads to cross site...
CVE-2023-3465
CVE-2023-3465 affects SimplePHPscripts Classified Ads Script 1.8. The vulnerability resides in the HTTP POST Request Handler, specifically the file user.php, where manipulating the title argument enables cross-site scripting. Attacks are described as remotely exploitable. The recommended fix is up...
SimplePHPscripts Classified Ads Script Cross-Site Scripting Vulnerability
SimplePHPscripts Classified Ads Script is an advertisement tool that can be embedded in websites. A cross-site scripting vulnerability exists in SimplePHPscripts Classified Ads Script version 1.8, which stems from an issue with the file user.php, where manipulation of the parameter title can lead...
Cross-site Scripting (XSS)
thorsten/phpmyfaq is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in user.php because the username parameter is not properly sanitized, which allows an attacker to inject and execute arbitrary JavaScript...
Information Exposure
microweber/microweber is vulnerable to information exposure. The vulnerability exists in User.php, allowing an attacker to read sensitive information in the system...
Privilege Escalation
thorsten/phpmyfaq is vulnerable to Privilege Escalation. The vulnerability exists because of insufficient permission checks in user.php, which allows an attacker to gain escalated privilege through the isSuperAdmin feature...
CVE-2023-26817
codefever before 2023.2.7-commit-b1c2e7f was discovered to contain a remote code execution (RCE) vulnerability via the component /controllers/api/user.php...
CVE-2023-26817
CVE-2023-26817 concerns CodeFever before 2023.2.7-commit-b1c2e7f, with a remote code execution flaw in the component /controllers/api/user.php. Multiple connected sources corroborate the RCE in this version range and cite a high impact (CVSS 3.1: 8.8, HIGH) with NETWORK attack vector and LOW priv...
Improper Access Control
moodle/moodle is vulnerable to Improper Access Control. The vulnerability exists in the fillpreferencescache function of user.php due to insufficient limitations on the "start page" preference which allows a remote attacker to gain unauthorized access to the restricted functionalities of the...
Insecure Random Number Generator
phpservermon/phpservermon uses an insecure random number generator. The vulnerability exists in the generatePasswordResetToken function of User.php because of the insecure mt_rand random number generator function, which allows an attacker to guess the reset password hashes...
Insecure Random Number Generator
phpservermon/phpservermon uses an insecure random number generator. The vulnerability exists because of the insecure mt_rand random number generator function in the loginWithCookieData function of User.php, allowing an attacker to guess the strings it generates...
PHPServerMon PRNG has Insufficient Entropy
A vulnerability, which was classified as problematic, was found in phpservermon. Affected is the function setUserLoggedIn of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the public and may b...
CVE-2021-4241
A vulnerability, which was classified as problematic, was found in phpservermon. Affected is the function setUserLoggedIn of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the public and may b...
CVE-2021-4241 phpservermon User.php setUserLoggedIn predictable algorithm in random number generator
A vulnerability, which was classified as problematic, was found in phpservermon. Affected is the function setUserLoggedIn of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the public and may b...
CVE-2021-4240 phpservermon User.php generatePasswordResetToken predictable algorithm in random number generator
A vulnerability, which was classified as problematic, was found in phpservermon. This affects the function generatePasswordResetToken of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the publ...
PT-2022-10699 · Semcms · Semcms
Name of the Vulnerable Software and Affected Versions: SEMCMS version 1.2. Description: The issue is related to SQL Injection via the SEMCMS User.php file. Recommendations: For SEMCMS version 1.2, update to a version that fixes the SQL Injection issue in SEMCMS User.php...