Lucene search
K

20 matches found

NVD
NVD
added 2026/07/02 5:16 p.m.12 views

CVE-2024-58352

Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input...

8.7CVSS0.00564EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/02 5:5 p.m.10 views

EUVD-2024-55647

Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input...

8.7CVSS6.2AI score0.00564EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.10 views

PT-2026-55264

Name of the Vulnerable Software and Affected Versions Landray OA affected versions not specified Description An unauthenticated HQL injection exists, allowing attackers to query arbitrary Hibernate entity classes. This occurs due to insufficient input sanitization in the string-concatenated filte...

8.7CVSS6.3AI score0.00564EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-12979

Malware in sbrugna...

8.1CVSS8.2AI score0.01291EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-12980

Malware in sbrugna...

8.1CVSS8.2AI score0.0118EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2024/10/01 10:28 a.m.98 views

Exploit for CVE-2024-9106

CVE-2024-9106 Wechat Social login = 1.3.0 - Authentication...

9.8CVSS9.7AI score0.0171EPSS
Exploits1
CNVD
CNVD
added 2018/12/26 12:0 a.m.5 views

Discuz! DiscuzX file deletion vulnerability

Discuz! DiscuzX is an online forum system. A file deletion vulnerability exists in Discuz! DiscuzX version 3.4, which can be exploited by a remote attacker to delete the commonmemberwechatmp data structure by sending an ac=unbindmp request to the plugin.php page when wechat login is enabled...

5.9CVSS7AI score0.00903EPSS
Exploits1References1
CNVD
CNVD
added 2018/12/26 12:0 a.m.4 views

Discuz! DiscuzX Authentication Bypass Vulnerability

Discuz! DiscuzX is an online forum system. An authentication bypass vulnerability exists in Discuz! DiscuzX version 3.4, which can be exploited by a remote attacker to bypass authentication and gain access to an account with the help of a non-empty wechatcommonmemberwechatmp when wechat login is...

8.1CVSS7.3AI score0.01291EPSS
Exploits1References1
Prion
Prion
added 2018/12/24 4:29 a.m.17 views

Design/Logic Flaw

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to delete the commonmemberwechatmp data structure via an ac=unbindmp request to plugin.php...

5.8CVSS5.8AI score0.00903EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/12/24 4:29 a.m.4 views

CVE-2018-20422

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty wechatcommonmemberwechatmp to gain login access to an account via a plugin.php ac=wxregister request the attacker does not have control over which account will be accessed...

8.1CVSS5.8AI score0.01291EPSS
Exploits1References1
NVD
NVD
added 2018/12/24 4:29 a.m.19 views

CVE-2018-20422

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty wechatcommonmemberwechatmp to gain login access to an account via a plugin.php ac=wxregister request the attacker does not have control over which account will be accessed...

8.1CVSS8.4AI score0.01291EPSS
Exploits1References1
Prion
Prion
added 2018/12/24 4:29 a.m.15 views

Authentication flaw

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty wechatcommonmemberwechatmp to gain login access to an account via a plugin.php ac=wxregister request the attacker does not have control over which account will be accessed...

6.8CVSS8.3AI score0.01291EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/12/24 4:29 a.m.22 views

CVE-2018-20424

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to delete the commonmemberwechatmp data structure via an ac=unbindmp request to plugin.php...

5.9CVSS5.8AI score0.00903EPSS
Exploits1References1
NVD
NVD
added 2018/12/24 4:29 a.m.24 views

CVE-2018-20423

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string...

8.1CVSS8.1AI score0.0118EPSS
Exploits1References1
Prion
Prion
added 2018/12/24 4:29 a.m.15 views

Design/Logic Flaw

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string...

6.8CVSS8AI score0.0118EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/12/24 4:29 a.m.7 views

CVE-2018-20424

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to delete the commonmemberwechatmp data structure via an ac=unbindmp request to plugin.php...

5.9CVSS5.8AI score0.00903EPSS
Exploits1References1
OSV
OSV
added 2018/12/24 4:29 a.m.6 views

CVE-2018-20423

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string...

8.1CVSS5.8AI score0.0118EPSS
Exploits1References1
CVE
CVE
added 2018/12/24 4:0 a.m.53 views

CVE-2018-20424

Discuz! DiscuzX 3.4 is vulnerable when WeChat login is enabled: a remote attacker can delete the common_member_wechatmp data structure by sending ac=unbindmp to plugin.php. This is documented in CVE-2018-20424 and CNVD-2018-26767, noting a remote deletion Impact. The provided sources do not inclu...

5.9CVSS5.8AI score0.00903EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/12/24 4:0 a.m.40 views

CVE-2018-20423

CVE-2018-20423 affects Discuz! DiscuzX 3.4 when WeChat login is enabled. A logic flaw in plugin.php ac=wxregister allows remote attackers to bypass the “disabled registration” setting by supplying a non-existent wxopenid value, enabling unauthorized registrations. Exploitation details are not pro...

8.1CVSS8AI score0.0118EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/12/24 4:0 a.m.22 views

CVE-2018-20422

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty wechatcommonmemberwechatmp to gain login access to an account via a plugin.php ac=wxregister request the attacker does not have control over which account will be accessed...

8.4AI score0.01291EPSS
Exploits1References1
Rows per page
Query Builder