105 matches found
PT-2024-26285 · Svnwebui · Svnwebui
Name of the Vulnerable Software and Affected Versions: svnWebUI version 1.8.3 Description: The issue allows attackers to delete arbitrary files by sending a crafted POST request. This is achieved via the dirTemps parameter under the com.cym.controller.UserControllerimportOver function...
Design/Logic Flaw
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A potential security vulnerability has been discovered in pimcore/admin-ui-classic-bundle prior to version 1.3.4. The vulnerability involves a Host Header Injection in the invitationLinkAction function of the UserController,...
CVE-2024-25625 Pimcore Host Header Injection in user invitation link
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A potential security vulnerability has been discovered in pimcore/admin-ui-classic-bundle prior to version 1.3.4. The vulnerability involves a Host Header Injection in the invitationLinkAction function of the UserController,...
GHSA-4847-GQXX-V9XP ThinkCMF Cross-site Scripting Vulnerability
Cross Site Scripting XSS vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted userlogin...
PT-2023-11743 · Thinkcmf · Thinkcmf
Name of the Vulnerable Software and Affected Versions: ThinkCMF version 5.1.5 Description: The issue is a Cross Site Scripting XSS vulnerability in the UserController.php file, which allows attackers to execute arbitrary code via a crafted user login. This can lead to unauthorized access and...
CVE-2023-38989
An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information...
Information disclosure
An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information...
CVE-2023-38989
Jeesite v1.2.6 has a vulnerability in the delete function of the UserController that allows authenticated attackers to arbitrarily delete the Administrator’s role information. Multiple sources (NVD, RH, OSV, CVE lists, and PTSecurity) confirm the affected software/version and the underlying issue...
PT-2023-26718 · Jeesite · Jeesite
Name of the Vulnerable Software and Affected Versions: jeesite version 1.2.6 Description: An issue in the delete function in the UserController class allows authenticated attackers to arbitrarily delete the Administrator's role information. Recommendations: For jeesite version 1.2.6, consider...
Design/Logic Flaw
A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be...
PT-2023-19753 · Unknown · Dreamer Cms
Name of the Vulnerable Software and Affected Versions: Dreamer CMS versions up to 4.1.3 Description: A vulnerability was found in the Password Hash Calculation component, specifically affecting the updatePwd function of the UserController.java file. This issue leads to inefficient algorithmic...
Exposure of Sensitive Information in OpenGoofy Hippo4j
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to escalate privileges via the AddUser method of the UserController function in Tenant Management module...
Design/Logic Flaw
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to escalate privileges via the AddUser method of the UserController function in Tenant Management module...
CVE-2023-27095
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to escalate privileges via the AddUser method of the UserController function in Tenant Management module...
PT-2023-20952 · Unknown · Opengoofy Hippo4J
Name of the Vulnerable Software and Affected Versions: OpenGoofy Hippo4j version 1.4.3 Description: The issue allows an attacker to escalate privileges via the AddUser method of the UserController function in the Tenant Management module. This is due to an Insecure Permissions vulnerability...
CVE-2023-27095
OpenGoofy Hippo4j v1.4.3 has an Insecure Permissions vulnerability allowing privilege escalation via the AddUser method in the UserController of the Tenant Management module. The root cause is insecure permission handling, enabling an attacker to elevate privileges. The CVE entry cites impact on ...