Lucene search
K

79 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:9 a.m.7 views

CVE-2019-14986

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command as well as "Set root password" are exposed...

9.3CVSS7.3AI score0.02531EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/04/16 8:43 a.m.6 views

CVE-2025-32093

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to restrict certain operations on system admins to only other system admins, which allows delegated granular administration users with the "Edit Other Users" permission to perform unauthorized modifications to system...

4.9CVSS6.8AI score0.00216EPSS
Exploits0References1
OSV
OSV
added 2025/04/14 6:57 a.m.1 views

CVE-2025-32093 Syatem admin profile modification by delegated granular administration role

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to restrict certain operations on system admins to only other system admins, which allows delegated granular administration users with the "Edit Other Users" permission to perform unauthorized modifications to system...

4.7CVSS5.9AI score0.00216EPSS
Exploits0References3
NVD
NVD
added 2024/10/17 3:15 p.m.15 views

CVE-2024-48920

PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users to perform admin-level operations, potentially compromising sensitive data and system integrity. This probl...

9.1CVSS0.00453EPSS
Exploits0References3
NVD
NVD
added 2024/09/30 3:15 p.m.12 views

CVE-2024-46293

Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level actions without possessing a valid session token. The application does not verify whether t...

9.8CVSS0.00421EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/30 12:0 a.m.16 views

CVE-2024-46293

Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level actions without possessing a valid session token. The application does not verify whether t...

0.00421EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/30 12:0 a.m.10 views

CVE-2024-46293

Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level actions without possessing a valid session token. The application does not verify whether t...

7.1AI score0.00421EPSS
Exploits0References1
CVE
CVE
added 2024/09/30 12:0 a.m.50 views

CVE-2024-46293

The CVE-2024-46293 entry affects Sourcecodester Online Medicine Ordering System 1.0. The root cause is Incorrect Access Control due to a lack of authorization checks for admin operations, allowing an attacker to perform admin-level actions without a valid session token or verification of admin lo...

9.8CVSS7.1AI score0.00421EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/06/26 12:0 a.m.5 views

PT-2024-27328 · Dell · Dell Powerprotect Dd

Name of the Vulnerable Software and Affected Versions: Dell PowerProtect DD versions prior to 8.0 Dell PowerProtect DD LTS 7.13.1.0 Dell PowerProtect DD LTS 7.10.1.30 Dell PowerProtect DD LTS 7.7.5.40 Description: The issue is related to an Improper Control of a Resource Through its Lifetime...

6.5CVSS7.2AI score0.00477EPSS
Exploits0References4
OSV
OSV
added 2024/06/13 3:15 p.m.5 views

CVE-2024-28966

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...

5.4CVSS5.9AI score0.00349EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/06/13 12:0 a.m.5 views

PT-2024-22649 · Dell · Dell Scg

Name of the Vulnerable Software and Affected Versions: Dell SCG versions prior to 5.24.00.00 Description: The issue is related to an Improper Access Control vulnerability in the SCG exposed for an internal update REST API. This API is only accessible if enabled by an Admin user from the UI. A...

5.4CVSS7.3AI score0.00349EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/04 12:0 a.m.5 views

Online Tours & Travels Management System SQL Injection Vulnerability

Online Tours & Travels Management System is an online travel management system by Mayuri K. Individual developer. SourceCodester Online Tours & Travels Management System version 1.0 suffers from a SQL injection vulnerability in the parameter status in file /admin/operations/expensecategory.php...

7.2CVSS8AI score0.00639EPSS
Exploits1References4
OSV
OSV
added 2024/01/19 9:15 p.m.3 views

CVE-2024-0735

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. Affected by this issue is the function exec of the file admin/operations/expense.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit...

9.8CVSS5.7AI score0.00697EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/01/19 12:0 a.m.3 views

PT-2024-15792 · Sourcecodester · Sourcecodester Online Tours & Travels Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical issue affects the exec function of the file admin/operations/expense.php, leading to sql injection. This issue can be exploited remotely...

9.8CVSS6.9AI score0.00697EPSS
Exploits1References6
Huntr
Huntr
added 2023/04/26 10:4 p.m.17 views

SQL Injection in ajax_data.php

Description An administrator user can use different operations and parameters to execute SQL queries. -customerId on operations getCustomerPaymentInfo and getCustomerStatementInfo. -empId on operations getEmpSalaryData, getEmpLoanLoanData, getEmployeeAdvancePaymentsData. -companyid on operation...

5.8CVSS8.2AI score0.00891EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2023/03/23 12:0 a.m.4 views

PT-2023-17098 · Sourcecodester · Sourcecodester Online Tours & Travels Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical issue has been found in the system, affecting the exec function of the file admin/operations/approve delete.php. The manipulation of the id argument...

9.8CVSS7.2AI score0.00822EPSS
Exploits1References6
CNNVD
CNNVD
added 2023/03/23 12:0 a.m.3 views

Online Tours & Travels Management System SQL注入漏洞

Online Tours & Travels Management System is an online travel management system by Mayuri K. Individual developer. SourceCodester Online Tours & Travels Management System version 1.0 suffers from a SQL injection vulnerability that is found in the function exec in the file...

9.8CVSS7AI score0.00822EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/03/23 12:0 a.m.4 views

Online Tours & Travels Management System SQL注入漏洞

Online Tours & Travels Management System is an online travel management system by Mayuri K. Individual developer. SourceCodester Online Tours & Travels Management System version 1.0 suffers from a SQL injection vulnerability that was discovered in the function exec in the file...

9.8CVSS7.1AI score0.00822EPSS
Exploits1References4
NVD
NVD
added 2023/03/08 4:15 p.m.30 views

CVE-2023-27088

feiqu-opensource Background Vertical authorization vulnerability exists in IndexController.java. demo users with low permission can perform operations within the permission of the admin super administrator and can use this vulnerability to change the blacklist IP address in the system at will...

8.8CVSS8.6AI score0.00604EPSS
Exploits1References1
CNVD
CNVD
added 2022/06/17 12:0 a.m.27 views

Online Tours And Travels Management System SQL注入漏洞

Online Tours And Travels Management System is an online tour management system. v1.0 of Online Tours And Travels Management System is vulnerable to SQL injection, which originates from /admin/operations/tax. The tname parameter in php lacks validation for external input SQL statements. An attacke...

7.2CVSS4.3AI score0.00909EPSS
Exploits1References1
Rows per page
Query Builder