GHSA-3636-HX62-PV26 Zenario allows authenticated admin users to upload PDF files containing malicious code
Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross-Site Scripting (XSS) attack...
CVE-2024-45960
Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross-Site Scripting (XSS) attack...
CVE-2024-45983
A Cross-Site Request Forgery CSRF vulnerability exists in kishan0725's Hospital Management System version 6.3.5. The vulnerability allows an attacker to craft a malicious HTML form that submits a request to delete a doctor record. By enticing an authenticated admin user to visit the specially...
CVE-2024-6723
The AI Engine WordPress plugin before 2.4.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when viewing chatbot discussions...
CVE-2024-6723 AI Engine < 2.4.8 - Admin+ SQLi
The AI Engine WordPress plugin before 2.4.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when viewing chatbot discussions...
CVE-2024-6910
The EventON WordPress plugin before 2.2.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
PT-2024-38663 · WordPress · Floating Contact Button
Name of the Vulnerable Software and Affected Versions: The Floating Contact Button WordPress plugin versions prior to 2.8 Description: The issue is related to the lack of sanitization and escaping of some settings in the plugin, which could allow high-privilege users, such as admins, to perform...
PT-2024-38685 · WordPress · Pocket Widget
Name of the Vulnerable Software and Affected Versions: Pocket Widget WordPress plugin version 0.1.3 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in multisite...
CVE-2024-7313
The Shield Security WordPress plugin before 20.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
The Bug Report - August 2024 Edition
The Bug Report - August 2024 Edition By Jonathan Omakun · August 26, 2024 Why am I Here August isn’t just about heat waves and summer getaways for the Northern Hemisphere; it’s also when things get serious for students and cybersecurity pros. As organizations prep for the end of the fiscal year,...
CVE-2024-42776
Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php...
PT-2024-30147 · Unknown · Kashipara Hotel Management System
Name of the Vulnerable Software and Affected Versions: Kashipara Hotel Management System version 1.0 Description: The issue is related to Incorrect Access Control. It can be exploited via the "/admin/users.php" API endpoint. There is no information provided about the estimated number of potential...
CVE-2024-7799
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /simple-online-bidding-system/bidding/admin/users.php. The manipulation leads to improper authorization. The attack may be...
CVE-2024-25157
An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages. This could lead to unauthorized information disclosure or modification...