127 matches found
CVE-2020-8866
This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of...
CVE-2020-8866
CVE-2020-8866 affects Horde Groupware Webmail Edition 5.2.22, with a flaw in add.php where insufficient validation of user-supplied data allows remote attackers (authenticated) to upload arbitrary files. This can enable code execution in the www-data context when combined with other vulnerabiliti...
Horde Groupware Webmail Code Issue Vulnerability
Horde Groupware Webmail is a browser-based, enterprise-class communications suite from Horde, Inc. A code issue vulnerability exists in the add.php script in Horde Groupware Webmail Edition version 5.2.22, which stems from the program failing to properly validate user-submitted input. An attacker...
PT-2020-20337 · Horde · Horde Groupware Webmail Edition
Name of the Vulnerable Software and Affected Versions: Horde Groupware Webmail Edition version 5.2.22 Description: This issue allows remote attackers to create arbitrary files on affected installations. Authentication is required to exploit this. The flaw exists within the add.php file and result...
PT-2020-11982 · Phpgurukul · Phpgurukul Online Book Store
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Book Store version 1.0 Description: An unauthenticated file upload issue has been identified in the admin add.php file. This could be exploited by a remote attacker to upload content, including PHP files, potentially leading...
CVE-2019-1010095
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page...
Cross-site request forgery (CSRF)
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page...
CVE-2019-1010095
DomainMOD v4.10.0 is affected by a Cross-Site Request Forgery (CSRF) vulnerability in the admin/users/add.php component. The underlying issue enables an attacker to add an administrator account after the legitimate administrator logs in and visits the crafted page. Impact is described as enabling...
CVE-2016-10738
Zenbership v107 has CSRF via admin/cp-functions/event-add.php...
CVE-2016-10738
Zenbership v107 is affected by a CSRF vulnerability located at admin/cp-functions/event-add.php. The description explicitly states CSRF via that endpoint, indicating potential unauthorized operations could be triggered by attackers. No concrete patch/version remediation details are provided in th...
CVE-2018-19751
DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields...
CVE-2018-19751
DomainMOD 4.11.01 contains a stored cross-site scripting vulnerability in the admin/ssl-fields/add.php page (Display Name, Description & Notes fields). The root cause is input processing that allows injected JavaScript to be stored and executed in the victim’s browser, with potential for session ...
CVE-2016-10732
ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?fileid=1, or process-zip-download.php, or adduserform parameters to users-add.php...
CVE-2018-17090
An issue was discovered in DonLinkage 6.6.8. The modules /pages/bazy/bazyadresow.php and /pages/proxy/add.php are vulnerable to stored XSS that can be triggered by closing followed by tags...
maskay.com XSS vulnerability
Open Bug Bounty ID: OBB-668673. Affected Website: maskay.com. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...