79 matches found
CVE-2019-14986
eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command as well as "Set root password" are exposed...
CVE-2025-32093
Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to restrict certain operations on system admins to only other system admins, which allows delegated granular administration users with the "Edit Other Users" permission to perform unauthorized modifications to system...
CVE-2025-32093 Syatem admin profile modification by delegated granular administration role
Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to restrict certain operations on system admins to only other system admins, which allows delegated granular administration users with the "Edit Other Users" permission to perform unauthorized modifications to system...
CVE-2024-48920
PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users to perform admin-level operations, potentially compromising sensitive data and system integrity. This probl...
CVE-2024-46293
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level actions without possessing a valid session token. The application does not verify whether t...
CVE-2024-46293
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level actions without possessing a valid session token. The application does not verify whether t...
CVE-2024-46293
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level actions without possessing a valid session token. The application does not verify whether t...
CVE-2024-46293
The CVE-2024-46293 entry affects Sourcecodester Online Medicine Ordering System 1.0. The root cause is Incorrect Access Control due to a lack of authorization checks for admin operations, allowing an attacker to perform admin-level actions without a valid session token or verification of admin lo...
PT-2024-27328 · Dell · Dell Powerprotect Dd
Name of the Vulnerable Software and Affected Versions: Dell PowerProtect DD versions prior to 8.0 Dell PowerProtect DD LTS 7.13.1.0 Dell PowerProtect DD LTS 7.10.1.30 Dell PowerProtect DD LTS 7.7.5.40 Description: The issue is related to an Improper Control of a Resource Through its Lifetime...
CVE-2024-28966
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...
PT-2024-22649 · Dell · Dell Scg
Name of the Vulnerable Software and Affected Versions: Dell SCG versions prior to 5.24.00.00 Description: The issue is related to an Improper Access Control vulnerability in the SCG exposed for an internal update REST API. This API is only accessible if enabled by an Admin user from the UI. A...
Online Tours & Travels Management System SQL Injection Vulnerability
Online Tours & Travels Management System is an online travel management system by Mayuri K. Individual developer. SourceCodester Online Tours & Travels Management System version 1.0 suffers from a SQL injection vulnerability in the parameter status in file /admin/operations/expensecategory.php...
CVE-2024-0735
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. Affected by this issue is the function exec of the file admin/operations/expense.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit...
PT-2024-15792 · Sourcecodester · Sourcecodester Online Tours & Travels Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical issue affects the exec function of the file admin/operations/expense.php, leading to sql injection. This issue can be exploited remotely...
SQL Injection in ajax_data.php
Description An administrator user can use different operations and parameters to execute SQL queries. -customerId on operations getCustomerPaymentInfo and getCustomerStatementInfo. -empId on operations getEmpSalaryData, getEmpLoanLoanData, getEmployeeAdvancePaymentsData. -companyid on operation...
PT-2023-17098 · Sourcecodester · Sourcecodester Online Tours & Travels Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical issue has been found in the system, affecting the exec function of the file admin/operations/approve delete.php. The manipulation of the id argument...
Online Tours & Travels Management System SQL注入漏洞
Online Tours & Travels Management System is an online travel management system by Mayuri K. Individual developer. SourceCodester Online Tours & Travels Management System version 1.0 suffers from a SQL injection vulnerability that is found in the function exec in the file...
Online Tours & Travels Management System SQL注入漏洞
Online Tours & Travels Management System is an online travel management system by Mayuri K. Individual developer. SourceCodester Online Tours & Travels Management System version 1.0 suffers from a SQL injection vulnerability that was discovered in the function exec in the file...
CVE-2023-27088
feiqu-opensource Background Vertical authorization vulnerability exists in IndexController.java. demo users with low permission can perform operations within the permission of the admin super administrator and can use this vulnerability to change the blacklist IP address in the system at will...
Online Tours And Travels Management System SQL注入漏洞
Online Tours And Travels Management System is an online tour management system. v1.0 of Online Tours And Travels Management System is vulnerable to SQL injection, which originates from /admin/operations/tax. The tname parameter in php lacks validation for external input SQL statements. An attacke...