132 matches found
CVE-2024-34240
QDOCS Smart School 7.0.0 is vulnerable to Cross Site Scripting (XSS) resulting in arbitrary code execution in admin functions related to adding or updating records...
PT-2024-25761
Name of the Vulnerable Software and Affected Versions: QDOCS Smart School version 7.0.0 Description: The issue is related to Cross Site Scripting (XSS), which results in arbitrary code execution in admin functions, specifically when adding or updating records. This could potentially allow an attacker...
Exploit for CVE-2024-27631
CVE-2024-27631 Vulnerability Details Overview In Savane v...
CVE-2024-28662
A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 script because of missing sanitization in createtag in admin/include/functions.php...
Cross site scripting
A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 script because of missing sanitization in createtag in admin/include/functions.php...
CVE-2024-0797
The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible fo...
CVE-2024-0797
CVE-2024-0797 affects the WordPress plugin “Active Products Tables for WooCommerce” (Profit-Products-Tables-for-WooCommerce). The vulnerability is due to missing capability checks in several functions, allowing subscribers (and higher) to access admin-only functionality in all versions up to and ...
PT-2024-15830 · Woocommerce · Active Products Tables For Woocommerce
Name of the Vulnerable Software and Affected Versions: The Active Products Tables for WooCommerce versions up to, and including, 1.0.6.1 Description: The issue allows unauthorized access to functionality due to a missing capability check on several functions. This makes it possible for subscriber...
Silverpeas Security Vulnerabilities
Silverpeas is an open source business collaboration platform. The platform includes applications for project management, blogs, forums and document management. A security vulnerability exists in Silverpeas Core 6.3.1 and earlier versions, which stems from the vulnerability of the application to...
Unrestricted access to critical admin functions in StakedUSDe due to extremely flawed implementation in SingleAdminAccessControl
Lines of code Vulnerability details Summary There is a critical vulnerability in the StakedUSDe CA, allowing an attacker to manipulate the state of the CA and/or drain assets without proper authorization. Vulnerability Detail The StakedUSDe inherits from the SingleAdminAccessControl CA, which...
CVE-2023-26062
A mobile network solution internal fault is found in Nokia Web Element Manager before 22 R1, in which an authenticated, unprivileged user can execute administrative functions. Exploitation is not possible from outside of mobile network solution architecture. This means that exploit is not possibl...
PT-2023-20458 · Nokia · Nokia Web Element Manager
Name of the Vulnerable Software and Affected Versions: Nokia Web Element Manager versions prior to 22 R1 Description: A mobile network solution internal fault is found in Nokia Web Element Manager, where an authenticated, unprivileged user can execute administrative functions. Exploitation is not...
SQL injection in some Admin Sort functions
Description: SQL injection due to unsanitized concatenation of strings into the ORDER BY clause, 'sort' parameter. Proof of Concept: Log in as an admin, go to Admin Translations or Application Logger functions, and perform a sort action. Observe the request in Burp Suite; the injection point is the 'sort'...
A malicious frontrunner can make the Mutebond contract broken when the owner decreases maxPayout
Lines of code Vulnerability details Impact The Mutebond contract might stop working after the owner decreased maxPayout by a malicious frontrunner. Proof of Concept setMaxPayout can be used to reset maxPayout. function setMaxPayoutuint payout external requiremsg.sender == customTreasury.owner;...
VulnCheck KEV: CVE-2022-45813
BeRocket Plugins for WordPress is vulnerable to an authorization bypass in the closenotice, subscribe, disableratenotice, featurerequestsend, getpluginerrorajax, closenotice, and testkey functions which can allow user level subscribers to invoke these admin level functions...
CVE-2022-42438
IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210...
Code injection
IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210...
CVE-2022-42438 IBM Cloud Pak for Multicloud Management Monitoring privilege escalation
IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210...