PT-2023-15117 · Unknown · Dynamic Transaction Queuing System

Name of the Vulnerable Software and Affected Versions: Dynamic Transaction Queuing System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/admin/manage user.php" API endpoint. Recommendations: For...

CVE-2022-4043

The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

CVE-2022-4043

The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

Design/Logic Flaw

The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

CVE-2022-4043

Summary: The WP Custom Admin Interface WordPress plugin is vulnerable in versions prior to 7.29 due to unserializing user input in settings, which could allow high-privilege users such as admins to perform PHP Object Injection when a suitable gadget is present. The condition is documented across ...

WordPress Plugin WP Custom Admin Interface 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...

PT-2023-14243 · Aruba · Aruba Clearpass Policy Manager

Name of the Vulnerable Software and Affected Versions: Aruba ClearPass Policy Manager versions 6.10.x: 6.10.7 and below Aruba ClearPass Policy Manager versions 6.9.x: 6.9.12 and below Description: A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an...

Authentication flaw

authentik is an open-source Identity Provider focused on flexibility and versatility. Versions prior to 2022.11.4 and 2022.10.4 are vulnerable to Improper Authentication. Token reuse in invitation URLs leads to access control bypass via the use of a different enrollment flow than in the one...

CVE-2022-23555 authentik vulnerable to Improper Authentication via invitation URL token reuse

authentik is an open-source Identity Provider focused on flexibility and versatility. Versions prior to 2022.11.4 and 2022.10.4 are vulnerable to Improper Authentication. Token reuse in invitation URLs leads to access control bypass via the use of a different enrollment flow than in the one...

Stored XSS in the module named "Website settings"

Description Our engineer found security problems when testing our website. And I have tested the demo website you provided. I found that there is indeed an xss vulnerability. I hope you can check and provide a fix as soon as possible.Thanks. \\ The reason for the vulnerability is that you have...

CVE-2022-47926

AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fstdel.inc.php...

CVE-2022-36222

Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface...

Hardcoded credentials

Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface...

CVE-2022-36222

CVE-2022-36222 affects Nokia Fastmile 3tg00118abad52 devices shipped by Optus. It uses a default hardcoded admin credentials (admin:Nq+L5st7o) that can be used locally to access the web admin interface. The CVSS v3.1 base score is 8.4 (HIGH); attack vector LOCAL, no privileges required, no user i...

PT-2022-23264 · Nokia · Nokia Fastmile

Name of the Vulnerable Software and Affected Versions: Nokia Fastmile 3tg00118abad52 devices affected versions not specified Description: The issue concerns a default hardcoded admin account with the credentials admin:Nq+L5st7o. This account can be used locally to access the web admin interface...

WP Custom Admin Interface < 7.29 - Admin+ PHP Object Injection

The plugin unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. PoC action=importsettings=O%3a4%3a%22Evil%22%3a0%3a%7b%7d%3b=6960d7bb50...

WP Custom Admin Interface < 7.29 - Admin+ PHP Object Injection

The plugin unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. action=importsettings&settings=O%3a4%3a%22Evil%22%3a0%3a%7b%7d%3b&security=6960d7bb50...

CVE-2022-44393

Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/viewservice&id=...

CVE-2022-46333

The admin user interface in Proofpoint Enterprise Protection PPS/PoD contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below...

CVE-2022-46333

The admin user interface in Proofpoint Enterprise Protection PPS/PoD contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below...