18 matches found
CVE-2026-1453 Missing Authentication for Critical Function in KiloView Encoder Series
A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product...
CVE-2025-63223
The Axel Technology StreamerMAX MK II devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and...
EUVD-2020-10052
Malware in sbrugna...
EUVD-2024-51553
Malicious code in bioql PyPI...
E-Commerce Website Website /pages/admin_account_delete.php File SQL Injection Vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of the userid parameter in the file /pages/adminaccountdelete.php for externally entered SQL statements. An attacker can exploit this vulnerabilit...
CVE-2020-8425
Cups Easy Purchase & Inventory 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php...
CVE-2024-13356
The DSGVO All in one for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6. This is due to missing or incorrect nonce validation in the userremoveform.php file. This makes it possible for unauthenticated attackers to delete admin user...
CVE-2024-13356
The CVE CVE-2024-13356 affects DSGVO All in one for WP (WordPress) plugins up to version 4.6. The root cause is missing/invalid nonce validation in user_remove_form.php, enabling Cross-Site Request Forgery that can allow unauthenticated attackers to delete admin accounts if a site admin is tricke...
Online Examination System Project 1.0 - Cross-site request forgery (CSRF)
Exploit Title: Online Examination System Project 1.0 - Cross-site request forgery CSRF Google Dork: n/a Date: 09/06/2023 Exploit Author: Ramil Mustafayev kryptohaker Vendor Homepage: https://github.com/projectworldsofficial/online-examination-systen-in-php Software Link:...
CVE-2020-22334
CVE-2020-22334 describes a CSRF vulnerability in beescms v4 that enables an attacker to delete the administrator account via a crafted request to /admin/admin_admin.php. The cited CVSS 3.1 entry (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) scores 6.5 (Medium). Exploitation details are not provided in th...
CVE-2021-25073
CVE-2021-25073 affects the WP125 WordPress plugin prior to version 1.5.5. The root cause is missing CSRF checks in multiple actions (e.g., deleting an ad), which enables an attacker to induce a logged-in administrator to perform unwanted deletions via CSRF. Documents describe an exploitation path...
CVE-2020-18123
A cross-site request forgery CSRF vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts...
CVE-2020-18123
The CVE-2020-18123 entries describe a CSRF vulnerability in Indexhibit 2.1.5 that allows an attacker to arbitrarily delete administrator accounts. Affected software: Indexhibit 2.1.5 (web-based CMS). Underlying issue: cross-site request forgery enabling unauthorized admin deletion. Impact: admini...
CVE-2020-8425
Cups Easy Purchase & Inventory 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php...
CVE-2020-8425
CVE-2020-8425 affects Cups Easy (Purchase & Inventory) 1.0 web application. The vulnerability is a Cross-Site Request Forgery (CSRF) that can lead to admin account deletion via userdelete.php (and related password-reset/administration actions) as described in multiple sources. Exploitation detail...
CVE-2020-8425
Cups Easy Purchase & Inventory 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php...
Discuz! X2.5 / X3 / X3.1 可CSRF删管理员账号
简要描述: 接着上次的漏洞来…… 详细说明: 上次那个漏洞: WooYun: Discuz! X2.5 / X3 / X3.1中CSRF攻击防御可被绕过 你们回复说是程序员认为不需要校验才这么设置……那这回应该算是你设计问题了吧 后台删除用户页面只是单纯做了submitcheck'submit', 1,按之前的说明,程序这里没有判断formhash,也就是说可以用于CSRF 不过利用这个漏洞前提是要管理员登陆了后台,不过这个不会很麻烦吧(比如故意加点关键字进审核然后让管理员触发神马的,实在不行还能发帖钓鱼) 漏洞证明: 发帖插入 Discuz! 代码:...
SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection
Exploit Title: Silverstripe = 2.3.5 Cross Site Request Forgery & Open Redirection. Date: 12/01/10 Author: cp77fk4r | empty0pageSHIFT+2gmail.com | www.DigitalWhisper.co.il Vendor: www.silverstripe.org | Version: 2.0.0 Tested on: PHP Open Redirection: OWASP: An open redirect is an application that...