PT-2022-20159 · Unknown · Asith-Eranga Isic Tour Booking
Name of the Vulnerable Software and Affected Versions: asith-eranga ISIC tour booking versions prior to the version published after Feb 13th 2018 Description: The issue allows attackers to execute arbitrary commands via the username parameter to "/system/user/modules/mod users/controller.php". Th...
CVE-2022-42724
app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names; this is information that only the site admin should have...
CVE-2022-34134
Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php...
PT-2022-19684 · Misp · Misp
Name of the Vulnerable Software and Affected Versions: MISP versions prior to 2.4.158 Description: An issue was discovered in the UsersController.php file, where password confirmation can be bypassed via vectors involving an "Accept: application/json" header. Recommendations: For versions prior t...
MISP Authorization Vulnerability
MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as cybersecurity threat event analysis and malware analysis. A security vulnerability exists in MISP before 2.4.158, which originates in...
OIC Exponent CMS Input Validation Error Vulnerability
OIC Exponent CMS is a free, open source modular content management system (CMS) based on PHP from OIC, USA. The system supports direct editing in the page and provides user management, site configuration, content editing and other functions. An input validation error vulnerability exists in Exponen...
File Upload Vulnerability in Thunderwind Movie CMS V3.3.0 UsersController.class.php Page
Thunderwind Movie CMS is a PHP-based film and television content management program built on the ThinkPHP 3.2.3 framework, suitable for all kinds of video, film and television websites. Thunderwind Movie CMS V3.3.0 has a file upload vulnerability in the UsersController.class.php page. Allows an...
MISP Information Disclosure Vulnerability
MISP is a suite of open source software solutions for collecting, storing, distributing and sharing cybersecurity metrics and threats, with features such as cybersecurity event analysis and malware analysis. A security vulnerability exists in the 'adminedit' function of the app/Controller/UsersController.php file in MI...
CVE-2017-16946
The adminedit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enablepassword field, which allows admins to discover a hashed password by reading the audit log...
Katello update_roles Privilege Escalation (CVE-2013-2143)
A privilege escalation vulnerability has been reported in Katello. The vulnerability is due to a missing authorization at the "updateroles" action of "users" controller. A remote authenticated attacker may exploit this vulnerability to gain administrator privileges...
Foreman: app/controllers/users_controller.rb arbitrary admin user creation due to mass assignment
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role...