8 matches found
alextselegidis/easyappointments is Vulnerable to CSRF Protection Bypass
Summary: application/core/EA_Security.php::csrf_verify only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perform state-changing operations while accepting parameters from GET or $_REQUEST, so an attacker can perform CSRF by forcing a victim's...
CVE-2023-50931
An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting...
CVE-2025-59416
The Scratch Channel is a news website. If the user makes a fork, they can change the admins and make an article. Since the API uses a POST request, it will make an article. This issue is fixed in v1.2...
CVE-2025-32093 System admin profile modification by delegated granular administration role
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to restrict certain operations on system admins to only other system admins, which allows delegated granular administration users with the "Edit Other Users" permission to perform unauthorized modifications to system...
SchoolPlus 1.0 Cross Site Request Forgery
Title : SchoolPlus v1.0 CSRF Vulnerability | Author : indoushka | Tested on : Windows 10 FrPro / browser : Mozilla Firefox 125.0.1 64 bits | Vendor...
Lack of double step transfer in admin modification in an upgradeable contract is dangerous
Lines of code. Vulnerability details: Lack of double step transfer in admin modification in an upgradeable contract is dangerous. Summary: Double step transfer of admin / ownership should be a must in upgradeable contracts. Vulnerability Detail: Admin is changed with changeAdmin that calls changeAdmin,...
Ultimate Media Script 2.0 - Remote Change Content Vulnerabilities
No description provided by source. Title: Ultimate Media Script 2.0 Remote Change Password/Add Admin/Delete Admin Exploit. Form action=http://umscript.com/demo/admin/index.php?mod=admins method=post, with inputs including name=username...
Web Directory PRO Password Changer
Change password form for Web Directory PRO (MODIFY Login Password). Type: Subadmin / Admin. Categories: Art, Business, Computers, Games, Health & Fitness, News, Sports, Recreation, Internet, Teen & Kids, Reference, Education, Regional, Society, Science, Home & Family, World, Shopping, Web Hosting, Dedicated Servers, ISP, Hardware, Software, Sec...