Lucene search

81 matches found

RedhatCVE
added 2026/06/05 7:16 p.m., 7 views

CVE-2026-42611

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged user with the ability to create a page can cause XSS by injecting an svg element. The XSS can further be escalated to dump the entire system information available under /admin/config/info whenever a Super Admin visit...

8.9 CVSS, 5.4 AI score, 0.003 EPSS
Exploits: 1, References: 1
EUVD
added 2026/01/29 2:28 p.m., 4 views

EUVD-2020-30903

EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without...

8.7 CVSS, 5.9 AI score, 0.00456 EPSS
Exploits: 0, References: 3
Cvelist
added 2026/01/29 2:28 p.m., 29 views

CVE-2020-37008 EasyPMS 1.0.0 - Authentication Bypass

EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without...

8.7 CVSS, 0.00456 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2022-45790

Malicious code in bioql PyPI...

4.3 CVSS, 4.9 AI score, 0.00445 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 8:07 a.m., 5 views

CVE-2024-45805

OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that can only be accessed by users with access privileges to admin and support information SETTINGSSUPPORT. This is due to inadequate access control for support information...

4.3 CVSS, 4.4 AI score, 0.00342 EPSS
Exploits: 0
RedhatCVE
added 2025/05/22 5:09 p.m., 11 views

CVE-2020-22481

An issue was discovered in HFish 0.5.1. When a payload is inserted where the password is entered, XSS code is triggered when the administrator views the information...

6.1 CVSS, 6.4 AI score, 0.00633 EPSS
Exploits: 1
RedhatCVE
added 2025/05/22 2:23 a.m., 6 views

CVE-2017-8102

Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin...

5.4 CVSS, 5.7 AI score, 0.00858 EPSS
Exploits: 1, References: 1
Packet Storm
added 2024/09/03 12:00 a.m., 313 views

PPDB 2.4-update 6118-1 Cross Site Request Forgery

Title: ppdb v2.4-update 6118-1 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 125.0.1 64 bits | ...

7.4 AI score
Exploits: 0
CNNVD
added 2024/07/02 12:00 a.m., 2 views

idcCMS Security Vulnerability

idcCMS Nettie IDC cloud management agent system is a cloud management agent system of Fuzhou Nettie Software Technology Co. A cross-site request forgery vulnerability exists in idcCMS v1.35, which originates from admin/infodeal.php?mudi=rev&nohrefStr=close not adequately verifying whether a reque...

5.4 CVSS, 6.7 AI score, 0.00199 EPSS
Exploits: 1, References: 2
CNNVD
added 2024/05/22 12:00 a.m., 5 views

idccms Security Vulnerability

Net Titanium Technology idcCMS Net Titanium IDC Cloud Management Agent System is a cloud management agent system from China's Net Titanium Technology, Inc. A security vulnerability exists in idccms v1.35, which was discovered via the component...

5.4 CVSS, 6.8 AI score, 0.00191 EPSS
Exploits: 1, References: 3
Prion
added 2023/06/27 5:15 p.m., 12 views

Design/Logic Flaw

Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators...

4 CVSS, 4.5 AI score, 0.00319 EPSS
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2022/09/15 12:00 a.m., 3 views

HCL Technologies Traveler Cross-Site Scripting Vulnerability

HCL Technologies Traveler is a software from HCL Technologies, India. It is used to provide automatic, bi-directional, wireless synchronization between HCL Domino servers and wireless handheld devices. A security vulnerability exists in HCL Technologies Traveler versions prior to 12.0.1.2, which...

7.5 CVSS, 5.2 AI score, 0.00372 EPSS
Exploits: 0, References: 2
Huntr
added 2022/04/28 9:10 a.m., 13 views

Improper Access Control (IDOR)

Description: Improper Access Control (IDOR) could leak admin information. Proof of Concept: 1. Log in as admin, edit a role to give permission to show a user's information, and save. 2. Log in as a user with that role and go to the URL http://my.facturascripts.site/EditUser?code=admin&action=export&option=PDF - Can se...

Exploits: 0
Prion
added 2022/01/19 2:15 p.m., 22 views

Design/Logic Flaw

An issue was discovered in Delta RM 1.2. It is possible for an unprivileged user to access the same information as an admin user regarding the risk creation information in the /risque/administration/referentiel/json/create/categorie endpoint, using the idcat1 query parameter to indicate the risk...

4 CVSS, 4.6 AI score, 0.00808 EPSS
Exploits: 1, References: 2, Affected Software: 1
CNNVD
added 2021/12/30 12:00 a.m., 2 views

Trendnet AC2600 Access Control Error Vulnerability

Trendnet AC2600 TEW-827DRU is a wireless router. Trendnet AC2600 TEW-827DRU version 2.08B01 has a security vulnerability that can be exploited by an attacker to manually navigate through the setup wizard and force it to redirect to the desired page, which can bypass authentication and allow users ...

5.3 CVSS, 5.7 AI score, 0.4006 EPSS
Exploits: 0, References: 2
CNNVD
added 2021/07/08 12:00 a.m., 2 views

XYHCMS Cross-Site Request Forgery Vulnerability

xyhcms is a software application. A completely open source CMS content management system, simple, easy to use, secure, stable and free. xyhcms V3.6 has a security vulnerability that can be exploited by an attacker to edit any information about an administrator, such as name, email and password...

4.5 CVSS, 5.6 AI score, 0.00512 EPSS
Exploits: 1, References: 4
CNNVD
added 2021/06/03 12:00 a.m., 2 views

AppCMS Security Vulnerability

APPCMS is a professional APP content management system, APP application part needs to be used in combination with data center. An arbitrary file deletion vulnerability exists in /admin/info.php in AppCMS version 2.0.101. An attacker can exploit this vulnerability to delete arbitrary files on the...

6.5 CVSS, 5.9 AI score, 0.01075 EPSS
Exploits: 1, References: 1
Tenable Nessus
added 2016/12/16 12:00 a.m., 12 views

Moodle 2.9.x < 2.9.9 Multiple Vulnerabilities

Binary data 9834.prm...

5.3 CVSS, 7.3 AI score, 0.01196 EPSS
Exploits: 0, References: 4
seebug.org
added 2014/07/01 12:00 a.m., 14 views

phpBazar admin Information Disclosure Vulnerability

No description provided by source...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 15 views

fipsCMS <= 4.5 (index.asp) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl Script Name: fipsCMS = v4.5 index.asp Remote SQL Injection Exploit Coded by : ajann Author : ajann Contact : : use IO::Socket; if@ARGV 3 print ======================================================================== // fipsCMS = v4.5 index.asp...

7.1 AI score
Exploits: 0