15 matches found
Cross-site Request Forgery (CSRF)
Overview: opencart/opencart is a shopping cart system. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the /account/edit endpoint. An attacker can alter account details, such as email addresses, by tricking users into visiting malicious pages, and subsequentl...
CVE-2026-6915 Flaw in the updateUser Command May Allow Unauthorized Configuration Change
An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account...
GHSA-54V4-4685-VWRJ alextselegidis/easyappointments is Vulnerable to CSRF Protection Bypass
Summary: application/core/EA_Security.php::csrf_verify only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perform state-changing operations while accepting parameters from GET or $_REQUEST, so an attacker can perform CSRF by forcing a victim's...
EUVD-2020-5787
Malware in sbrugna...
CVE-2025-46740 Improper Handling of Insufficient Permissions
An authenticated user without user administrative permissions could change the administrator Account Name...
CVE-2022-36073 RubyGems allows creation of users with arbitrary unverified emails
RubyGems.org is the Ruby community gem host. A bug in password & email change confirmation code allowed an attacker to change their RubyGems.org account's email to an unowned email address. Having access to an account whose email has been changed could enable an attacker to save API keys for that...
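The RubyGems.org entry above turns on one invariant: an account's live email must not move to a new address until proof of control over that address has been presented. The following is an added example, not RubyGems.org code, showing a confirmation flow that keeps the change pending until a token delivered to the new address is returned; the Account struct, the 15-minute TTL and the email regex are assumptions made for the example.

```ruby
require 'securerandom'
require 'digest'

# Added example (not RubyGems.org code). The live `email` field only changes
# inside confirm_email_change, and only after the pending token is presented.
Account = Struct.new(:email, :pending_email, :pending_digest, :pending_expires_at,
                     keyword_init: true)

CONFIRM_TTL = 15 * 60 # seconds; hypothetical value chosen for the example

def request_email_change(account, new_email, now: Time.now)
  raise ArgumentError, 'malformed email' unless new_email.match?(/\A[^@\s]+@[^@\s]+\.[^@\s]+\z/)
  token = SecureRandom.urlsafe_base64(32)
  account.pending_email = new_email
  account.pending_digest = Digest::SHA256.hexdigest(token) # store only a digest of the token
  account.pending_expires_at = now + CONFIRM_TTL
  token # the caller mails this to new_email only; account.email is untouched here
end

def confirm_email_change(account, token, now: Time.now)
  return :no_pending if account.pending_email.nil?
  return :expired if now > account.pending_expires_at
  # Digests are compared rather than raw tokens, so a timing difference on
  # the comparison reveals at most the digest prefix, not the token itself.
  return :bad_token unless Digest::SHA256.hexdigest(token.to_s) == account.pending_digest
  account.email = account.pending_email
  account.pending_email = account.pending_digest = account.pending_expires_at = nil
  :confirmed
end
```

A second request_email_change overwrites the pending record, so an older token stops working; that is deliberate, since the most recent request is the one whose address was actually mailed.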
CVE-2022-30898
A Cross-site Request Forgery (CSRF) vulnerability in the Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password...
uListing < 1.7 - Unauthenticated Arbitrary Account Change
The AJAX action stm_listing_profile_edit, accessible to both authenticated and unauthenticated users, did not perform capability and CSRF checks, and did not ensure that the edited account belonged to the user making the request. This allows unauthenticated users to update arbitrary accounts, such as...
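The easyappointments and uListing entries above describe the same account-edit handler failing in complementary ways: a CSRF check that returns early for anything other than POST (so a forged GET carrying the same parameters is never examined), and an action that checks neither authentication, capability, nor ownership of the account being edited. The following is an added example, not code from either project, contrasting the POST-only check with a handler that closes all of those gaps; the Request struct, the USERS table and the role names are assumptions made for the example.

```ruby
require 'securerandom'

# Added example (not easyappointments or uListing code). `params` merges query
# string and body, mirroring PHP's $_REQUEST: that merge is what lets a GET
# deliver exactly the parameters a POST would.
Request = Struct.new(:method, :params, :session, keyword_init: true)

# Constructed user table for the example; ids and roles are hypothetical.
USERS = { 7 => { role: :user }, 1 => { role: :admin } }.freeze

def issue_csrf_token(session)
  session[:csrf] ||= SecureRandom.hex(32)
end

def constant_time_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def csrf_token_valid?(req)
  expected = req.session[:csrf]
  supplied = req.params['csrf_token']
  return false if expected.nil? || supplied.nil?
  constant_time_eq?(expected, supplied.to_s)
end

# Vulnerable pattern from the easyappointments advisory: anything that is not
# POST is waved through, so a forged GET never reaches the token comparison.
def csrf_ok_post_only?(req)
  return true unless req.method == 'POST'
  csrf_token_valid?(req)
end

# Hardened authorization for a profile-edit action. Returns [:allow, user_id]
# or [:deny, reason]; each step closes one gap named in the advisories.
def authorize_profile_edit(req)
  # State changes only over POST: a link or <img src> cannot trigger this.
  return [:deny, :method] unless req.method == 'POST'
  # The token is checked on every state-changing request, never skipped by method.
  return [:deny, :csrf] unless csrf_token_valid?(req)
  # uListing served unauthenticated callers; require a logged-in actor.
  actor = req.session[:user_id]
  return [:deny, :unauthenticated] if actor.nil?
  # The edited account must be the actor's own, or the actor must be an admin.
  target = Integer(req.params['user_id'], exception: false)
  return [:deny, :bad_target] if target.nil? || !USERS.key?(target)
  return [:deny, :not_owner] unless target == actor || USERS.dig(actor, :role) == :admin
  [:allow, target]
end
```

The order matters: the method and token checks run before any session lookup, so an unauthenticated forged request is rejected without touching account state, and the ownership check compares the target id against the session, never against a user id the request supplies.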
CVE-2020-13540
An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the...
PT-2021-9622 · Unknown · Win-911 Enterprise
Name of the Vulnerable Software and Affected Versions: Win-911 Enterprise version 4.20.13 Description: A local privilege elevation issue exists due to file system permissions in the install directory, specifically via the WIN-911 Account Change Utility. This allows an attacker to overwrite...
CVE-2019-9598
An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds...
CVE-2018-17870
An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" parameter of accountchange.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683...
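A "returnto"-style parameter is safe only if it can never name another origin. The following is an added example, not XBTIT code, of a validator that accepts a same-site path and falls back to a default for anything else; the function name and the default path are assumptions made for the example.

```ruby
require 'uri'

# Added example (not XBTIT code). Accepts only a local, absolute path such as
# "/account?tab=1"; everything else collapses to `default`.
def safe_return_path(value, default: '/')
  return default if value.nil? || value.empty?
  # Must be a single leading slash: "//evil.example" and "/\evil.example" are
  # both treated as scheme-relative URLs by browsers.
  return default unless value.start_with?('/')
  return default if value.start_with?('//', '/\\')
  # Control characters and backslashes have no place in a redirect target.
  return default if value.match?(/[\x00-\x1f\\]/)
  begin
    uri = URI.parse(value)
  rescue URI::InvalidURIError
    return default
  end
  # A parsed scheme, host or userinfo means the value is not a bare path.
  return default if uri.scheme || uri.host || uri.userinfo
  value
end
```

Where the set of legitimate destinations is small, an allowlist of known paths is tighter still; the validator above is the general form for sites that cannot enumerate them.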
D-Link DI-524 - Cross-Site Request Forgery
Title: D-Link DI-524 - Cross-Site-Request-Forgery Vulnerability
Credit: Felipe Soares de Souza
Date: 09/12/2016
Vendor: D-Link
Product: D-Link DI-524 Wireless 150
Product link: https://dlink.com.br/produto/di-524150
Version: Firmware 9.01
1- Reboot the...