
298 matches found

NVD • added 2025/12/16 5:16 p.m. • 10 views

CVE-2023-53895

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

CVSS 9.8 | EPSS 0.00567
Exploits: 1 | References: 4
OSV • added 2025/12/16 5:16 p.m. • 7 views

CVE-2023-53895

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

CVSS 9.3 | AI score 6.6
Exploits: 0 | References: 4
Vulnrichment • added 2025/12/16 5:06 p.m. • 2 views

CVE-2023-53895 PimpMyLog 1.7.14 Improper Access Control via Account Creation Endpoint

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

CVSS 9.8 | AI score 6.3 | EPSS 0.00567
Exploits: 1 | References: 4
EUVD • added 2025/12/16 5:06 p.m. • 5 views

EUVD-2023-60195

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

CVSS 9.8 | AI score 6.2 | EPSS 0.00567
Exploits: 1 | References: 5
CVE • added 2025/12/16 5:06 p.m. • 23 views

CVE-2023-53895

PimpMyLog 1.7.14 is affected by an improper access control vulnerability that lets remote attackers create admin accounts via the configuration endpoint (/configuration). The unsanitized username field can be exploited to inject JavaScript, enabling a hidden backdoor and potential access to serve...

CVSS 9.8 | AI score 6.3 | EPSS 0.00567
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist • added 2025/12/16 5:06 p.m. • 31 views

CVE-2023-53895 PimpMyLog 1.7.14 Improper Access Control via Account Creation Endpoint

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

CVSS 9.8 | EPSS 0.00567
Exploits: 1 | References: 4
Packet Storm • added 2025/12/16 12:00 a.m. • 232 views

📄 Gnuboard 5.6.23 SQL Injection / Code Execution

Gnuboard version 5.6.23 installation exploit that can identify SQL injection and potentially achieve remote code execution. ============================================================================================================================================= | Title : Gnuboard v5.6.23...

CVSS 9.8 | AI score 9.1 | EPSS 0.05377
Exploits: 4
Positive Technologies • added 2025/12/16 12:00 a.m. • 9 views

PT-2025-51743

Name of the Vulnerable Software and Affected Versions PimpMyLog version 1.7.14 Description The software contains an improper access control issue that allows remote attackers to create administrator accounts without authorization through the configuration endpoint. Attackers can exploit the...

CVSS 9.8 | AI score 6.4 | EPSS 0.00567
Exploits: 1 | References: 10
EUVD • added 2025/12/15 11:07 p.m. • 3 views

EUVD-2025-203469

FreshRSS is a self-hosted RSS feed aggregator. In versions 1.23.0 through 1.27.0, using a path traversal inside the language user configuration parameter, it's possible to call install.php and perform various administrative actions as an unprivileged user. These actions include logging in as the...

CVSS 8.7 | AI score 6.8 | EPSS 0.0059
Exploits: 1 | References: 7
Cvelist • added 2025/12/15 11:07 p.m. • 29 views

CVE-2025-58173 FreshRSS vulnerable to authenticated RCE via path traversal inside include()

FreshRSS is a self-hosted RSS feed aggregator. In versions 1.23.0 through 1.27.0, using a path traversal inside the language user configuration parameter, it's possible to call install.php and perform various administrative actions as an unprivileged user. These actions include logging in as the...

CVSS 8.7 | EPSS 0.0059
Exploits: 1 | References: 7
RedhatCVE • added 2025/12/11 10:01 p.m. • 5 views

CVE-2020-36894

Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative...

CVSS 9.3 | AI score 7.2 | EPSS 0.00696
Exploits: 1 | References: 1
EUVD • added 2025/12/10 9:31 p.m. • 4 views

EUVD-2020-30838

Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative...

CVSS 9.3 | AI score 6.7 | EPSS 0.00696
Exploits: 1 | References: 5
EUVD • added 2025/12/10 9:31 p.m. • 5 views

EUVD-2020-30832

All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web page that automatically submits forms to create a new user with global...

CVSS 8.6 | AI score 6.3 | EPSS 0.00224
Exploits: 1 | References: 5
OSV • added 2025/12/10 9:16 p.m. • 2 views

CVE-2020-36894

Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative...

CVSS 7.5 | AI score 5.8 | EPSS 0.00696
Exploits: 1 | References: 4
OSV • added 2025/12/10 9:16 p.m. • 2 views

CVE-2020-36886

SpinetiX Fusion Digital Signage 3.4.8 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious web page that automatically submits a form to create a new admin user with full...

CVSS 8.8 | AI score 5.7 | EPSS 0.00225
Exploits: 1 | References: 5
CVE • added 2025/12/10 8:53 p.m. • 21 views

CVE-2020-36894

CVE-2020-36894 affects Eibiz i-Media Server Digital Signage 3.8.0. The vulnerability is an authentication bypass in which crafted AMF-encoded objects manipulated at /messagebroker/amf allow unauthenticated attackers to create administrator users, bypassing security controls. Multiple connected so...

CVSS 9.3 | AI score 6.8 | EPSS 0.00696
Exploits: 1 | References: 4 | Affected Software: 1
Metasploit • added 2025/12/10 6:57 p.m. • 522 views

WordPress King Addons for Elementor Unauthenticated Privilege Escalation to RCE

This module exploits an unauthenticated privilege escalation vulnerability in the WordPress King Addons for Elementor plugin versions 24.12.92 to 51.1.14. The vulnerability exists in the handleregisterajax function which allows unauthenticated attackers to specify the userrole parameter during...

CVSS 9.8 | AI score 6.6 | EPSS 0.09142
Exploits: 4
EUVD • added 2025/12/09 9:31 p.m. • 4 views

EUVD-2021-34725

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can lure victims to malicious web sites that trigger the forged request, allowing them to create new admin users...

CVSS 6.9 | AI score 6.3 | EPSS 0.00164
Exploits: 0 | References: 5
Cvelist • added 2025/12/09 8:46 p.m. • 22 views

CVE-2021-47730 Selea Targa IP Camera Cross-Site Request Forgery via Admin Creation

Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user...

CVSS 8.5 | EPSS 0.00213
Exploits: 1 | References: 5
CVE • added 2025/12/09 8:46 p.m. • 16 views

CVE-2021-47730

CVE-2021-47730 affects Selea Targa IP OCR-ANPR Camera and is a cross-site request forgery that allows an attacker to create an admin user without authentication. The provided documents state that a malicious page can submit a form to add a new administrator with full system privileges when a logg...

CVSS 8.8 | AI score 6.4 | EPSS 0.00213
Exploits: 1 | References: 5 | Affected Software: 1