Lucene search
K

121 matches found

CNNVD
CNNVD
added 2026/05/15 12:0 a.m.20 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of limits on the number of authentication attempts at the /admin/check endpoint, allowing...

9.3CVSS5.8AI score0.00339EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/13 3:32 p.m.12 views

SiYuan: Broken access control in `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk

Summary POST /api/tag/getTag is registered with model.CheckAuth only, omitting both model.CheckAdminRole and model.CheckReadonly, despite the handler performing a configuration write that is normally guarded by both. Any authenticated user — including publish-service RoleReader accounts and...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

Admidio 安全漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there were security vulnerabilities. These vulnerabilities stemmed fr...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References1
OSV
OSV
added 2026/05/06 8:42 p.m.8 views

GHSA-9PQ7-MFWH-XX2J phpMyFAQ enables unauthenticated 2FA brute-force attack via /admin/check acceptance of arbitrary user-id

Summary The /admin/check endpoint in AuthenticationController implements SkipsAuthenticationCheck, making it reachable without any prior authentication. An anonymous attacker Bob can POST arbitrary user-id and token values to brute-force any user's 6-digit TOTP code. No rate limiting exists. The...

9.1CVSS6.1AI score0.00339EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/06 8:42 p.m.9 views

phpMyFAQ enables unauthenticated 2FA brute-force attack via /admin/check acceptance of arbitrary user-id

Summary The /admin/check endpoint in AuthenticationController implements SkipsAuthenticationCheck, making it reachable without any prior authentication. An anonymous attacker Bob can POST arbitrary user-id and token values to brute-force any user's 6-digit TOTP code. No rate limiting exists. The...

9.3CVSS6.1AI score0.00339EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2026/04/29 9:53 p.m.12 views

GHSA-C7XM-R6VJ-8VG6 Admidio Missing Minimum Administrator Check in Role Membership Removal

Summary Role::stopMembership does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership contains this safety check, but the current code path bypasses it. Any administrator can remove the last remaining other...

5.2CVSS5.7AI score0.00285EPSS
Exploits0References4
OSV
OSV
added 2026/04/29 9:46 p.m.4 views

GHSA-XQV4-XM7H-52CV Admidio's Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items

Summary The Admidio inventory module enforces authorization for destructive operations delete, retire, reinstate only in the UI layer by conditionally rendering buttons. The backend POST handlers at modules/inventory.php for itemdelete, itemretire, itemreinstate, itempictureupload, itempicturesav...

6.5CVSS6AI score0.00227EPSS
Exploits0References4
OSV
OSV
added 2026/04/23 9:23 p.m.5 views

GHSA-PRP4-2F49-FCGP Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers

Summary Any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowing any session to overwrite the password hash; the inactive...

8.8CVSS5.8AI score0.00472EPSS
Exploits1References4
OSV
OSV
added 2026/04/14 10:49 p.m.5 views

GHSA-6RC6-P838-686F WWBN AVideo has a Path Traversal in Locale Save Endpoint Enables Arbitrary PHP File Write to Any Web-Accessible Directory (RCE)

Summary The locale save endpoint locale/save.php constructs a file path by directly concatenating $POST'flag' into the path at line 30 without any sanitization. The $POST'code' parameter is then written verbatim to that path via fwrite at line 40. An admin attacker or any user who can CSRF an...

8.7CVSS6.1AI score0.00656EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/09 4:0 a.m.33 views

CVE-2026-5840 PHPGurukul News Portal Project check_availability.php sql injection

A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown function of the file /admin/checkavailability.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been...

5.8CVSS0.00202EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/09 4:0 a.m.3 views

CVE-2026-5840

A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown function of the file /admin/checkavailability.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been...

5.8CVSS5.7AI score0.00202EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/09 4:0 a.m.16 views

CVE-2026-5840

The CVE-2026-5840 entry concerns PHPGurukul News Portal Project 4.1. It specifies a SQL injection in an unknown function of /admin/check_availability.php arising from manipulation of the Username parameter, with remote exploitation possible. Public exploit is noted. No additional remediation step...

5.8CVSS5.7AI score0.00202EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.6 views

PHPGurukul Online Course Registration SQL注入漏洞

PHPGurukul Online Course Registration is an online course registration system provided by PHPGurukul Inc. Version 3.1 of PHPGurukul Online Course Registration has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter regno in the file...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.10 views

PHPGurukul News Portal Project SQL注入漏洞

PHPGurukul News Portal Project is a news portal project of PHPGurukul Corporation. Version 4.1 of the PHPGurukul News Portal Project has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter Username in the file admin/checkavailability.php, which may le...

5.8CVSS5.8AI score0.00202EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.10 views

PT-2026-31582

Name of the Vulnerable Software and Affected Versions PHPGurukul News Portal Project version 4.1 Description A security flaw exists in PHPGurukul News Portal Project 4.1. Manipulation of the Username argument in the /admin/check availability.php file can lead to SQL injection. Remote exploitation...

5.8CVSS5.9AI score0.00202EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/04/08 11:0 p.m.1 views

CVE-2026-5814

A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/checkavailability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/04/08 12:4 a.m.5 views

EUVD-2026-19736

pyload-ng: Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch in pyload-ng...

6.8CVSS5.9AI score0.00142EPSS
Exploits1References2
OSV
OSV
added 2026/04/08 12:4 a.m.6 views

GHSA-PPVX-RWH9-7RJ7 pyload-ng: Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch in pyload-ng

Summary The ADMINONLYCOREOPTIONS authorization set in setconfigvalue uses incorrect option names sslcert and sslkey, while the actual configuration option names are sslcertfile and sslkeyfile. This name mismatch causes the admin-only check to always evaluate to False, allowing any user with...

6.8CVSS5.9AI score0.00142EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.6 views

PT-2026-31552

Name of the Vulnerable Software and Affected Versions PHPGurukul Online Course Registration version 3.1 Description A security issue exists in PHPGurukul Online Course Registration 3.1 related to the processing of the /admin/check availability.php file. Manipulation of the regno argument can lead...

7.5CVSS7.1AI score0.00254EPSS
Exploits0References12
NVD
NVD
added 2026/04/07 5:16 p.m.3 views

CVE-2026-35610

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-14 and earlier, setCustomPassworduserId, password and deleteUseruserId in the account-management module used an inverted admin check. Because of the inverted condition, authenticated non-admin users were allowed to execute bot...

8.8CVSS0.00298EPSS
Exploits1References1
Rows per page
Query Builder