40 matches found
CVE-2023-43147
PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI...
Cross site request forgery (csrf)
PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI...
PT-2023-28717 · Phpjabbers · Phpjabbers Limo Booking
Name of the Vulnerable Software and Affected Versions: PHPJabbers Limo Booking Software version 1.0 Description: The issue allows for Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function. This can be achieved through the...
CVE-2023-34626
Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function...
Sql injection
Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function...
PT-2023-24958 · Piwigo · Piwigo
Name of the Vulnerable Software and Affected Versions: Piwigo version 13.7.0 Description: The issue concerns SQL Injection via the Users function. Recommendations: For Piwigo version 13.7.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability...
CVE-2023-34626
CVE-2023-34626 affects Piwigo 13.7.0 and is a SQL injection vulnerability in the "Users" function. The connected documents corroborate the impact as SQL injection on Piwigo 13.7.0, but do not provide concrete details on the root cause, specific vulnerable query, affected versions beyond 13.7.0, ...
CVE-2023-2599
The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to missing nonce verification on the getusers function and insufficient escaping o...
WordPress Plugin Active Directory Integration Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
SQL Injection in the "Users" function of Piwigo
Description Authenticated admin can perform an SQL injection attack by abusing the "Users" function. Proof of Concept - Log in as an admin and access the 'Users' function. - Observe the request on Burp suite POST /piwigo/ws.php?format=json&method=pwg.users.getList. - Manipulate the 'order' or...
CVE-2022-31294
An issue in the saveusers function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts...
Sourcecodester Online Discussion Forum Site Cross-Site Request Forgery Vulnerability
Sourcecodester Online Discussion Forum Site is an application of Sourcecodester. An online discussion forum. A security vulnerability in Sourcecodester Online Discussion Forum Site version 1.0, which stems from an issue in the saveusers function, allows an unauthenticated attacker to arbitrarily...
PT-2022-20670 · Online Discussion Forum Site +1 · Online Discussion Forum Site
Name of the Vulnerable Software and Affected Versions: Online Discussion Forum Site 1 affected versions not specified Description: The issue allows unauthenticated attackers to arbitrarily create or update user accounts due to a problem in the save users function. Recommendations: At the moment,...
SQL Injection
Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to SQL Injection via the mcprojectgetusers function. An attacker can manipulate SQL queries and access or alter database information without proper authorization by injecting malicious SQL command...
Frappe frappe.share.get_users SQL Injection Vulnerability
Frappe is a web application. Frappe frappe.share.get_users suffers from a SQL injection vulnerability that allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...