3 matches found
GHSA-8V9P-G828-V98F Shopware: Admin Account Takeover via User Recovery Hash Exposure
Summary: A low-privilege admin user with userrecovery:read ACL can take over any admin account. The attacker triggers password recovery for the victim through an unauthenticated endpoint, reads the recovery hash from the Admin API search endpoint, then uses the hash to reset the victim's password another...
PHPGurukul Emergency Ambulance Hiring Portal injection vulnerability
Emergency Ambulance Hiring Portal is an emergency ambulance hiring portal. It suffers from a SQL injection vulnerability that stems from missing validation of externally supplied input to SQL statements in the searchdata parameter of the /admin/search.php file. An attacke...
PT-2024-33185 · Unknown · Phpgurukul Medical Card Generation System
Name of the Vulnerable Software and Affected Versions: PhpGurukul Medical Card Generation System version 1.0
Description: The issue is related to Cross-Site Scripting (XSS) in the /admin/search-medicalcard.php endpoint via the searchdata parameter. This allows for potential malicious script...