CVE-2019-18873

FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload...

Design/Logic Flaw

FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload...

CVE-2019-18873

FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload...

CVE-2019-18873

FUDForum 3.0.9 is affected by CVE-2019-18873 (and related CVE in sources) via Stored XSS in the User-Agent header, enabling remote code execution. The issue arises in admsession.php and admuser.php, and requires an authenticated user to trigger the attack; when an admin visits the affected area u...

CVE-2009-1826

modules/admuser.php in myGesuad 0.9.14 aka 0.9 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action...

Design/Logic Flaw

modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action...

CVE-2009-1825

modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action...

CVE-2009-1825

modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action...

CVE-2009-1826

The CVE-2009-1826 entry affects myGesuad 0.9.14 (aka 0.9). The vulnerability is that modules/admuser.php does not require administrative authentication, enabling remote authenticated users to list user accounts via a Find action. This is the explicit root cause and impact stated in multiple sourc...

CVE-2009-1826

modules/admuser.php in myGesuad 0.9.14 aka 0.9 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action...

CVE-2009-1825

The CVE-2009-1825 entry concerns myColex 1.4.2, where modules/admuser.php does not require administrative authentication. This design flaw allows remote authenticated users to list user accounts via a Find action, exposing partial confidentiality (user lists). The description and connected source...