CVE-2020-35364

Beijing Huorong Internet Security 5.0.55.2 allows a non-admin user to escalate privileges by injecting code into a process, and then waiting for a Huorong services restart or a system reboot...

CVE-2020-19881

DBHcms v1.2.0 has a reflected xss vulnerability as there is no security filter in dbhcms\mod\mod.selector.php line 108 for $GET'returnname' parameter, A remote authenticated with admin user can exploit this vulnerability to hijack other users...

CVE-2018-10946

An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that allows attackers to arbitrarily read the admin user's password via the admin web UI...

CVE-2019-9751

An issue was discovered in Open Ticket Request System OTRS 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm...

CVE-2019-19937

In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results."...

CVE-2019-8115

A reflected cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when adding an image for during simple product creation...

CVE-2019-17315

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration module by an Admin user...

CVE-2019-8148

A stored cross-site scripting XSS vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when creating a content page via page builder...

CVE-2019-8289

Vulnerability in Online Store v1.0, stored XSS in admin/userview.php adidasmemberemail variable...

CVE-2019-8091

A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution...

CVE-2019-6620

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4 and BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, an undisclosed iControl REST worker vulnerable to command injection for an Administrator user...

CVE-2019-5446

Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root...

CVE-2019-17301

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by an Admin user...

CVE-2019-10237

S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin=add⟨=0 URI, a related issue to CVE-2019-9040...

CVE-2019-17310

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Campaigns module by an Admin user...

CVE-2019-17419

An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=user=adminuser=doGetUserInfo id parameter...

CVE-2019-10888

A CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add.html...

CVE-2019-17307

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Tracker module by an Admin user...

CVE-2019-17317

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user...

CVE-2019-16183

In Limesurvey before 3.17.14, admin users can run an integrity check without proper permissions...