14 matches found
EUVD-2025-199763
An unauthenticated administrative access vulnerability exists in the open-source HashTech project https://github.com/henzljw/hashtech 1.0 thru commit 5919decaff2681dc250e934814fc3a35f6093ee5 2021-07-02. Due to missing authentication checks on /adminindex.php, an attacker can directly access the...
CVE-2025-66028 OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation
OneUptime is a solution for monitoring and managing online services. Prior to version 8.0.5567, OneUptime is vulnerable to privilege escalation via Login Response Manipulation. During the login process, the server response included a parameter called isMasterAdmin. By intercepting and modifying...
CVE-2025-66028 OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation
OneUptime is a solution for monitoring and managing online services. Prior to version 8.0.5567, OneUptime is vulnerable to privilege escalation via Login Response Manipulation. During the login process, the server response included a parameter called isMasterAdmin. By intercepting and modifying...
GHSA-675Q-66GF-GQG8 OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation
Summary During the login process, the server response included a parameter called isMasterAdmin. By intercepting and modifying this parameter value from false to true, a user is able to gain access to the admin dashboard interface. However, despite accessing the admin panel, the user does not hav...
OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation
Summary During the login process, the server response included a parameter called isMasterAdmin. By intercepting and modifying this parameter value from false to true, a user is able to gain access to the admin dashboard interface. However, despite accessing the admin panel, the user does not hav...
EUVD-2022-3080
Malicious code in bioql PyPI...
EUVD-2025-10307
Malicious code in bioql PyPI...
CVE-2024-40480
A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access...
PT-2024-31719 · Unknown +1 · Woocommerce +1
Name of the Vulnerable Software and Affected Versions: ShopLentor plugin for WordPress versions up to, and including, 2.8.8 Description: The issue is related to a missing capability check on the ajax dismiss function, which allows authenticated attackers with contributor-level access and above to...
CVE-2022-38813
PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report...
CVE-2022-42238
A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard...
Privilege escalation
A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard...
PT-2021-16012 · WordPress +1 · Request A Quote +1
Name of the Vulnerable Software and Affected Versions: Request a Quote WordPress plugin versions prior to 2.3.9 Description: The issue is related to authenticated Stored Cross-Site Scripting, which occurs due to the lack of sanitization, validation, or escaping of some settings in the admin...
CVE-2020-35745
PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs...