PT-2022-6310 · Ibm · Ibm Cloud Pak For Multicloud Management Monitoring
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Multicloud Management Monitoring versions 2.0 through 2.3 Description: The issue is related to incorrect restriction of a directory path with limited access. Exploitation of this issue may allow a remote attacker to elevate...
The vulnerability in the implementation of the admin/functions.php script of the PuppyCMS CMS system allows a perpetrator to execute arbitrary code.
The vulnerability of the admin/functions.php implementation in the PuppyCMS CMS system is related to incorrect permission storage. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
PT-2022-23235 · Xxl-Job · Xxl-Job
Name of the Vulnerable Software and Affected Versions: XXL-JOB versions prior to the version released after 11 July 2022 Description: The issue allows an attacker to execute admin functions with a low-privilege account due to insecure permissions. Recommendations: For all versions as of 11 July...
[H1] Some admins functions are unusable because of misuse of variables in upgradeable contracts
Lines of code Vulnerability details Impact Admin functions in NFTCollectionFactor.sol are unusable through a proxy Proof of Concept Upgradeable contracts cannot use constructors or immutable variables. The reason for that is they work behind a proxy which calls them using...
Functions of MarketPlace.sol will always revert
Lines of code Vulnerability details Impact Functions which call VaultTracker admin functions e.g. addNotional from MarketPlace will always revert since the admin is Creator. Proof of Concept VaultTracker.sol has an authorizedadmin modifier which only allows admin to call these functions. And the...
CVE-2022-24221
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php...
SQL injection
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php...
Attendance Management System SQL Injection Vulnerability
Attendance Management System is an attendance management system by Razormist Personal Developer. It is used to maintain daily attendance records. Attendance management system version 1.0 has a SQL injection vulnerability, which can be exploited by an attacker via admin/incFunctions.php...
U.S. Dept Of Defense: Unauthenticated Access to Admin Panel Functions at https://██████████/████████
Description: I discovered that the admin panel at https://████/█████ and all its functions can be accessed without authentication. Impact An attacker is able to use the administrative functions in order to upload, delete or modify files. System Hosts ████████ Affected Products and Versions ██████...
Missing events/timelocks for owner/admin only functions that change critical parameters
Handle defsec Vulnerability details Impact Owner/admin only functions that change critical parameters should emit events and have timelocks. Events allow capturing the changed parameters so that off-chain tools/interfaces can register such changes with timelocks that allow users to evaluate them...
Missing event & timelock for critical onlyAdmin functions
Handle 0xRajeev Vulnerability details Impact onlyAdmin functions that change critical contract parameters/addresses/state should emit events and consider adding timelocks so that users and other privileged roles can detect upcoming changes by offchain monitoring of events and have the time to rea...
Missing events/timelocks for owner/admin only functions that change critical parameters
Handle 0xRajeev Vulnerability details Impact Owner/admin only functions that change critical parameters should emit events and have timelocks. Events allow capturing the changed parameters so that off-chain tools/interfaces can register such changes with timelocks that allow users to evaluate the...
Mail.ru: Unauthorized Access To Admin panel
Access to static files of playerone.ru admin web interface was not sufficiently restricted. There was no possibility to access admin functions. Simple Bypass: Try access playerone.ru/admin/users/ 403 : host playerone.ru 127.0.0.1 Try again 127.0.0.1/admin/users 200 OK :...
CVE-2020-18888
Arbitrary File Deletion vulnerability in puppyCMS v5.1 allows remote malicious attackers to delete the file/folder via /admin/functions.php...
CVE-2020-18890
Remote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which could let a remote malicious user getshell via /admin/functions.php...
puppyCMS Security Vulnerability
puppyCMS is a very simple, flat file CMS. An arbitrary file deletion vulnerability exists in puppyCMS version 5.1. The vulnerability stems from the absence of any restriction on the path. A remote attacker can exploit this vulnerability to delete files/folders via /admin/functions.php...
puppyCMS Security Vulnerability
puppyCMS is a small, simple, flat file CMS written in PHP. A remote code execution vulnerability exists in puppyCMS version 5.1. The vulnerability stems from insecure permissions. The vulnerability can be exploited by an attacker via /admin/functions.php as a getshell...
CVE-2020-14485
OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries...