23 matches found
EUVD-2019-18965
Malware in sbrugna...
EUVD-2008-6925
Malware in sbrugna...
PT-2023-32914 · Unknown · Gopeak Masterlab
Name of the Vulnerable Software and Affected Versions: gopeak MasterLab versions up to 3.3.10 Description: A critical issue has been found in the function add/update of the file app/ctrl/admin/User.php, where the manipulation of the avatar argument leads to unrestricted upload. This issue can be...
CVE-2023-39121
emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php...
CVE-2023-39121
emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php...
CVE-2019-12094
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI...
Hardcoded credentials
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI...
CVE-2019-12094
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI...
CVE-2019-12094
CVE-2019-12094 affects Horde Groupware Webmail Edition through 5.2.22. The vulnerability allows XSS via crafted URIs such as admin/user.php?form=update_f&user_name=, admin/user.php?form=remove_f&user_name=, or admin/config/diff.php?app=, as documented in the CVE entry and OSV/NVD references. The ...
CVE-2019-12094
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI...
CVE-2019-9594
BlueCMS 1.6 allows SQL Injection via the user_id parameter in an uploads/admin/user.php?act=edit request...
CVE-2019-9594
CVE-2019-9594 affects BlueCMS 1.6 and describes an SQL injection vulnerability in the parameter user_id within the uploads/admin/user.php?act=edit request. The vulnerability allows bypassing authentication and manipulating the SQL queries executed by the application, leading to potential disclosu...
CVE-2018-18316
emlog v6.0.0 has CSRF via the admin/user.php?action=new URI...
CVE-2018-18316
emlog v6.0.0 has CSRF via the admin/user.php?action=new URI...
Cross site request forgery (csrf)
emlog v6.0.0 has CSRF via the admin/user.php?action=new URI...
CVE-2018-18316
emlog v6.0.0 has CSRF via the admin/user.php?action=new URI...
CVE-2018-8925
Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modifyadmin parameter...
CVE-2018-8925
Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modifyadmin parameter...
UCenter 1.6.0 /control/admin/user.php CAPTCHA bypass vulnerability
No description provided by source...
PHPX 3.x admin/user.php CSRF Arbitrary Command Execution
No description provided by source. source: http://www.securityfocus.com/bid/10284/info It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properly validate access to administrative command...