22 matches found
EUVD-2020-31218
Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the admin.php?action=adduser endpoint with POST requests...
CVE-2020-37217 Easy2Pilot 7 Cross-Site Request Forgery via admin.php
Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the admin.php?action=adduser endpoint with POST requests...
CVE-2025-11485 SourceCodester Student Grades Management System Manage Users admin.php add_user cross site scripting
A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function adduser of the file /admin.php of the component Manage Users Page. This manipulation of the argument firstname/lastname causes cross site scripting. The attack can be initiated remotely...
EUVD-2023-55652
Malicious code in bioql PyPI...
CVE-2023-50921
An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the adduser interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750...
CVE-2024-13039
A vulnerability was found in code-projects Simple Chat System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /adduser.php. The manipulation of the argument name/email/password/number leads to sql injection. The attack may be launched remotely...
TRENDnet TEW-821DAP Security Vulnerability
The TRENDnet TEW-821DAP is a wireless access point from Trendnet. A security vulnerability exists in the TRENDnet AC1200 TEW-821DAP V2.0R and V2.5R version 3.00b06, which stems from the presence of a buffer overflow vulnerability that could allow an attacker to execute arbitrary code via admaddus...
CVE-2021-40261
Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester CASAP Automated Enrollment System 1.0 via the (1) userusername and (2) category parameters in saveclass.php, the (3) firstname, (4) class, and (5) status parameters in studenttable.php, the (6) category and (7) classname parameters in...
The vulnerability of the index.php/admin/add_user component of the Chikitsa Patient Management System allows a perpetrator to compromise the confidentiality and integrity of the protected information.
The vulnerability of the index.php/admin/adduser component of the Chikitsa Patient Management System exists due to the lack of protective measures for the website structure. Exploiting this vulnerability allows an attacker, operating remotely, to compromise the confidentiality and integrity of th...
CVE-2021-38149
index.php/admin/adduser in Chikitsa Patient Management System 2.0.0 allows XSS...
Cross site scripting
index.php/admin/adduser in Chikitsa Patient Management System 2.0.0 allows XSS...
CVE-2020-13427
Victor CMS 1.0 has Persistent XSS in admin/users.php?source=adduser via the username, userfirstname, or userlastname parameter...
Cross site scripting
Victor CMS 1.0 has Persistent XSS in admin/users.php?source=adduser via the username, userfirstname, or userlastname parameter...
CVE-2019-19858
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/adduser/UID allows stored XSS via the author parameter...
CVE-2018-18922
adduser in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/adduser.php POST request...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL comrpl component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests that add a user via an adduser action to administrator/index.php...