105 matches found
CVE-2022-46999
Tuzicms v2.0.6 was discovered to contain a SQL injection vulnerability via the component \App\Manage\Controller\UserController.class.php...
CVE-2022-46999
Tuzicms v2.0.6 contains a SQL injection vulnerability in the App\Manage\Controller\UserController.class.php, caused by unsafe SQL handling in UserController.class.php. CVSS 3.1 base score 9.8 (CRITICAL) with high impact to confidentiality, integrity, and availability. Remediation: upgrade to a ne...
PT-2023-15127 · Tuzicms · Tuzicms
Name of the Vulnerable Software and Affected Versions: Tuzicms version 2.0.6. Description: A SQL injection issue was found in the UserController.class.php component, located in App\Manage\Controller. Recommendations: For Tuzicms version 2.0.6, update to a newer version that contains a fix for this...
PT-2022-27404 · Unknown · Rainygao Docsys
Name of the Vulnerable Software and Affected Versions: RainyGao DocSys (affected versions not specified). Description: A critical issue has been found in RainyGao DocSys, affecting an unknown functionality of the component com.DocSystem.controller.UserControllergetUserImg. The manipulation leads to...
EyouCms Security Vulnerability
EyouCms (Eyou CMS) is an open source content management system (CMS) based on ThinkPHP, developed by China's Zanzan Network Technology. A security vulnerability exists in EyouCms v1.5.4, which originates from the lack of parameter filtering in usercontrollershop.php...
Authentication Bypass
spree_auth_devise is vulnerable to authentication bypass. An attacker can take over an account through CSRF if the protect_from_forgery method satisfies both of the following: (1) it is executed either as a before_action callback (the default) or as a prepend_before_action (option prepend: true given) before the :load_object hook in...
Authentication Bypass
solidus_auth_devise is vulnerable to authentication bypass. An attacker can take over an account through CSRF if the protect_from_forgery method satisfies both of the following: (1) it is executed either as a before_action callback (the default) or as a prepend_before_action (option prepend: true given) before the :load_object hook in...
CVE-2021-41274
solidus_auth_devise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidus_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidus_auth_devi...
Cross site request forgery (csrf)
solidus_auth_devise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidus_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidus_auth_devi...
CVE-2021-41274 Authentication Bypass by CSRF Weakness
solidus_auth_devise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidus_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidus_auth_devi...
ShowDoc Cross-Site Request Forgery Vulnerability
ShowDoc is an open source tool for IT teams to share documents online. ShowDoc is vulnerable to cross-site request forgery, which stems from the lack of effective filtering and restriction of cookies set in the software's UserController.class.php, and can be exploited by attackers to cause...
Cross-Site Request Forgery (CSRF)
showdoc/showdoc is vulnerable to cross-site request forgery. An attacker can add arbitrary members to the team through the register function in UserController.class.php...
showdoc Cross-Site Request Forgery Vulnerability
ShowDoc is an open source tool for IT teams to share documents online. ShowDoc is vulnerable to cross-site request forgery, which stems from the lack of effective filtering and restriction of cookies set in the software's UserController.class.php, and can be exploited by attackers to cause...
showdoc Cross-Site Request Forgery Vulnerability
ShowDoc is an open source tool for IT teams to share documents online. ShowDoc is vulnerable to cross-site request forgery, which stems from the lack of effective filtering and restriction of cookies set in the software's UserController.class.php, which can be exploited by attackers to cause a...
CVE-2020-23811
xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java...
Information disclosure
xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java...