252 matches found
SourceCodester Health Center Patient Record Management System 安全漏洞
SourceCodester Health Center Patient Record Management System is a SourceCodester open source health center patient record management system. A security vulnerability exists in SourceCodester Health Center Patient Record Management System version 1.0, which is caused by a SQL injection due to an...
CVE-2023-34666
Cross-site scripting XSS vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter...
CVE-2020-11624
An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. They do not require users to change the default password for the admin account. They only show a pop-up window suggesting a change but...
CVE-2018-10570
Frog CMS 0.9.5 has XSS in /install/index.php via the 'config''adminusername' field...
CVE-2018-16604
An issue was discovered in Nibbleblog v4.0.5. With an admin's username and password, an attacker can execute arbitrary PHP code by changing the username because the username is surrounded by double quotes e.g., "$phpinfo"...
CVE-2024-8121
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of user names due to a missing capability check on the wpextchangeadminname function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, wi...
WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.8 - Missing Authorization to Admin Username Change vulnerability
Missing Authorization to Admin Username Change vulnerability discovered by Marco Wotschka in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions = 3.0.8...
Campcodes Complete Online Beauty Parlor Management System SQL注入漏洞
Campcodes Complete Online Beauty Parlor Management System is an online beauty parlor management system from Campcodes, Inc. A SQL injection vulnerability exists in Campcodes Complete Online Beauty Parlor Management System version 1.0, which originates from an SQL injection vulnerability in the...
Exploit for Missing Authorization in Wpexperts Post_Smtp
What the exploit does - Places a token that allows you to vie...
CVE-2023-48016
Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in rtbs/admin/index.php via the username parameter...
Privilege escalation
Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows a...
CVE-2023-43875
Multiple Cross-Site Scripting XSS vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail...
CVE-2023-43875
Multiple Cross-Site Scripting XSS vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail...
CVE-2023-40852
SQL Injection vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to obtain sensitive information via crafted string in the admin user name field on the admin log in page...
CVE-2023-40852
SQL Injection vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to obtain sensitive information via crafted string in the admin user name field on the admin log in page...
CVE-2023-34666
Cross-site scripting XSS vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter...
CVE-2023-34666
Cross-site scripting XSS vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter...
CVE-2023-34666
Cross-site scripting XSS vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter...
CVE-2023-34666
Cross-site scripting XSS vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter...