Lucene search

31 matches found

ATTACKERKB
added 2026/06/04 12:0 a.m. | 3 views

CVE-2025-67446

Improper Authentication Authentication Bypass exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cookie value for authentication. By modifying the cookie value, e.g., setting it to "admin", an attacker can bypass the authentication schema and gain...

9.8 CVSS | 5.8 AI score | 0.00095 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/12 12:0 a.m. | 4 views

PT-2026-24980

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and...

8.8 CVSS | 5.8 AI score | 0.00201 EPSS
Exploits: 1 | References: 3

Japan Vulnerability Notes
added 2026/03/05 3:36 a.m. | 6 views

EC-CUBE vulnerable to multi-factor authentication bypass

Overview: EC-CUBE provided by EC-CUBE CO.,LTD. contains the following vulnerability: Authentication bypass using an alternate path or channel (CWE-288) - CVE-2026-30777. EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and EC-CUBE CO.,LT...

6.9 CVSS | 5.8 AI score | 0.00095 EPSS
Exploits: 0 | References: 5

CVE
added 2026/02/24 12:0 a.m. | 7 views

CVE-2025-63409

CVE-2025-63409 affects GCOM EPON 1GE C00R371V00B01. The issue is privilege escalation due to improper access control, enabling remote authenticated users to modify administrator-only settings and extract administrator credentials. Root cause and exact vulnerable component are described as access-...

8.8 CVSS | 5.4 AI score | 0.00154 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

RedhatCVE
added 2025/08/21 7:27 p.m. | 5 views

CVE-2025-55734

flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, the code checks if the userRole is "admin" only when visiting the /admin page, but not when visiting its subroutes. Specifically, only the file routes/adminPanel.py checks the user role when a user is trying to access the admin page,...

6.9 CVSS | 7.2 AI score | 0.00083 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2025/08/21 12:0 a.m. | 3 views

CVE-2025-52352

Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly accessible and functional, allowing unauthenticated users to...

7.4 AI score | 0.0055 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2025/08/17 3:28 a.m. | 13 views

CVE-2025-8342

The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwpajaxregister function in all versions up to, and including, 1.8.47. This makes it possible for unauthenticated attackers to...

8.1 CVSS | 7.7 AI score | 0.00524 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 12:19 a.m. | 8 views

CVE-2022-46071

There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access...

9.8 CVSS | 8.1 AI score | 0.69158 EPSS
Exploits: 1 | References: 1

NVD
added 2022/12/14 6:15 p.m. | 11 views

CVE-2022-46071

There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access...

9.8 CVSS | 0.69158 EPSS
Exploits: 1 | References: 2

Vulnrichment
added 2022/12/14 12:0 a.m. | 8 views

CVE-2022-46071

There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access...

8.4 AI score | 0.69158 EPSS
Exploits: 1 | References: 2

OSV
added 2022/08/25 11:15 p.m. | 1 views

CVE-2022-36117

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for an administrative function. If...

3.1 CVSS | 5.8 AI score | 0.00345 EPSS
Exploits: 0 | References: 3

BDU FSTEC
added 2021/10/22 12:0 a.m. | 1 views

The vulnerability of the software-hardware complex for protecting information from unauthorized access—“Akord-V”—is related to the violation of established role assignments. This allows an intruder to bypass the access restrictions for resources of the ABI/AVI system for the system administrators and execute arbitrary code on behalf of the system.

The vulnerability of the software-hardware complex for protecting information from unauthorized access, “Akord-V,” is related to the violation of established role assignments. Exploiting this vulnerability allows an intruder to bypass the access restrictions for ARMs of types ABI/AVI for ARM...

7.4 CVSS | 6 AI score
Exploits: 0 | Affected Software: 1

OSV
added 2020/01/05 11:15 p.m. | 2 views

CVE-2019-20004

An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router...

8.8 CVSS | 7.3 AI score | 0.00351 EPSS
Exploits: 0 | References: 2

CNVD
added 2018/04/13 12:0 a.m. | 1 views

CMS Made Simple Elevation of Privilege Vulnerability

CMS Made Simple (CMSMS) is an open source content management system (CMS) developed by the CMSMS team. The system supports a role-based rights management system, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. A security vulnerability exists in CMSMS 2.2.6 and...

8.8 CVSS | 6.9 AI score | 0.00163 EPSS
Exploits: 1 | References: 1

exploitpack
added 2016/11/03 12:0 a.m. | 21 views

sNews 1.7.1 - Arbitrary File Upload

sNews 1.7.1 - Arbitrary File Upload Exploit Title : Snews CMS upload sheller Author : Ashiyane Digital Security Team Google Dork : "This site is powered by sNews" Date : 04/11/2016 Type : webapps Platform : PHP Vendor Homepage : http://snewscms.com/ Software link :...

0.3 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 14 views

Crea-Book <= 1.0 Admin Access Bypass / DB Disclosure / Code Execution

No description provided by source...

7.1 AI score
Exploits: 0

NVD
added 2008/12/15 6:0 p.m. | 11 views

CVE-2008-5576

admin/forums.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to bypass authentication and gain administrative access via a large value of the currentuseruserslevel parameter...

7.5 CVSS | 7.1 AI score | 0.02259 EPSS
Exploits: 0 | References: 3

Packet Storm
added 2007/04/17 12:0 a.m. | 30 views

qdblog-lfisql.txt

Infos: Date: 2007-04-12; Product: QDBlog; Version: v0.4 - Prior version maybe also be affected; Vendor: http://sourceforge.net/projects/qdblog/; Vendor Status: 2007-04-12 - Not Informed! Description: QDBlog is an open-source, simple, minimalistic blogging...

7.4 AI score
Exploits: 0

exploitpack
added 2007/04/13 12:0 a.m. | 24 views

Quick and Dirty Blog (qdblog) 0.4 - SQL Injection Local File Inclusion

Quick and Dirty Blog (qdblog) 0.4 - SQL Injection Local File Inclusion. Infos: Date: 2007-04-12; Product: QDBlog; Version: v0.4 - Prior version maybe also be affected; Vendor: http://sourceforge.net/projects/qdblog/; Vendor Status: 2007-04-12 - Not Informed!...

8.7 AI score
Exploits: 0

0day.today
added 2007/04/13 12:0 a.m. | 44 views

QDBlog 0.4 (SQL Injection/LFI) Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications. QDBlog 0.4 SQL Injection/LFI Multiple Remote Vulnerabilities. Infos: Date :...

7.1 AI score
Exploits: 0