14 matches found
EUVD-2025-199763
An unauthenticated administrative access vulnerability exists in the open-source HashTech project https://github.com/henzljw/hashtech 1.0 thru commit 5919decaff2681dc250e934814fc3a35f6093ee5 2021-07-02. Due to missing authentication checks on /adminindex.php, an attacker can directly access the...
CVE-2025-66028 OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation
OneUptime is a solution for monitoring and managing online services. Prior to version 8.0.5567, OneUptime is vulnerable to privilege escalation via Login Response Manipulation. During the login process, the server response included a parameter called isMasterAdmin. By intercepting and modifying...
CVE-2025-66028 OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation
OneUptime is a solution for monitoring and managing online services. Prior to version 8.0.5567, OneUptime is vulnerable to privilege escalation via Login Response Manipulation. During the login process, the server response included a parameter called isMasterAdmin. By intercepting and modifying...
OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation
Summary During the login process, the server response included a parameter called isMasterAdmin. By intercepting and modifying this parameter value from false to true, a user is able to gain access to the admin dashboard interface. However, despite accessing the admin panel, the user does not hav...
GHSA-675Q-66GF-GQG8 OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation
Summary During the login process, the server response included a parameter called isMasterAdmin. By intercepting and modifying this parameter value from false to true, a user is able to gain access to the admin dashboard interface. However, despite accessing the admin panel, the user does not hav...
EUVD-2022-3080
Malicious code in bioql PyPI...
EUVD-2025-10307
Malicious code in bioql PyPI...
CVE-2024-40480
A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access...
PT-2024-31719 · Unknown +1 · Woocommerce +1
Name of the Vulnerable Software and Affected Versions: ShopLentor plugin for WordPress versions up to, and including, 2.8.8 Description: The issue is related to a missing capability check on the ajax dismiss function, which allows authenticated attackers with contributor-level access and above to...
CVE-2022-38813
PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report...
CVE-2022-42238
A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard...
Privilege escalation
A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard...
PT-2021-16012 · WordPress +1 · Request A Quote +1
Name of the Vulnerable Software and Affected Versions: Request a Quote WordPress plugin versions prior to 2.3.9 Description: The issue is related to authenticated Stored Cross-Site Scripting, which occurs due to the lack of sanitization, validation, or escaping of some settings in the admin...
CVE-2020-35745
PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs...