21 matches found
CVE-2026-3527
A flaw was found in the Drupal AJAX Dashboard. This vulnerability stems from missing authentication for critical functions, allowing an attacker to exploit incorrectly configured access control security levels. This could lead to unauthorized access to sensitive data or functions within the...
EUVD-2026-16379
Missing Authentication for Critical Function vulnerability in Drupal AJAX Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AJAX Dashboard: from 0.0.0 before 3.1.0...
CVE-2026-3527
Missing Authentication for Critical Function vulnerability in Drupal AJAX Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AJAX Dashboard: from 0.0.0 before 3.1.0...
CVE-2026-3527
Missing Authentication for Critical Function vulnerability in Drupal AJAX Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AJAX Dashboard: from 0.0.0 before 3.1.0...
CVE-2026-3527
CVE-2026-3527 affects Drupal AJAX Dashboard prior to 3.1.0. The Red Hat and EU/ENISA reports corroborate a missing authentication for a critical function in the AJAX Dashboard module, enabling exploitation due to incorrectly configured access control. The vulnerability stems from inadequate acces...
CVE-2026-3527 AJAX Dashboard - Critical - Access bypass - SA-CONTRIB-2026-022
Missing Authentication for Critical Function vulnerability in Drupal AJAX Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AJAX Dashboard: from 0.0.0 before 3.1.0...
Drupal AJAX Dashboard Security Vulnerability
Drupal AJAX Dashboard is an ajax dashboard developed by the Drupal company. Versions of Drupal AJAX Dashboard prior to 3.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication for critical functions, which could lead to security breaches due to...
DRUPAL-CONTRIB-2026-022
AJAX Dashboard: Entity Dashboards enables you to create configurable dashboards attached to entities which include AJAX-reloading of a main content area based on inputs from a configurable set of buttons. The module doesn't sufficiently check access on the dashboard configuration route...
CVE-2025-47932 Combodo iTop vulnerable to reflected XSS in ajax.render.php render_dashboard
Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is rendered via an AJAX call. Versions 2.7.13 and 3.2.2 sanitize the var responsible for the attack...
SQL Injection
Description GLPI 10.0.8 and are affected by an SQL injection on the page ajax/dashboard.php Proof of Concept I can provide you the POC written in python3.5 or higher. Just provide me a way to send it to you. Tested under the following environment: - Ubuntu 20.04 - GLPI 10.0.8 and 10.0.7 - Mysql...
CentOS Web Panel Operating System Command Injection Vulnerability (CNVD-2020-44593)
CentOS Web Panel CWP is a free web hosting control panel. An operating system command injection vulnerability exists in the ajaxdashboard.php file in the CentOS Web Panel cwp-el7-0.9.8.891 release, which stems from failure to properly validate a user-supplied string before executing a system call...
CentOS Web Panel ajax_dashboard.php File SQL Injection Vulnerability
CentOS Web Panel CWP is a free web hosting control panel. A SQL injection vulnerability exists in the ajaxdashboard.php file in CentOS Web Panel cwp-e version 17.0.9.8.923, which originates when the program does not properly validate a user-supplied string. An attacker could exploit the...
CentOS Web Panel ajax_dashboard.php file command injection vulnerability
CentOS Web Panel CWP is a free web hosting control panel. A security vulnerability in the ajaxdashboard.php file in the CentOS Web Panel cwp-el7-0.9.8.891 release stems from a failure to properly validate a user-supplied string before executing a system call. An attacker can exploit this...
CVE-2020-15626
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxdashboard.php. When parsing the term parameter, the proce...
CVE-2020-15626
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxdashboard.php. When parsing the term parameter, the proce...
CVE-2020-15611
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxdashboard.php. When parsing the servicerestart parameter, the...
CVE-2020-15608
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxdashboard.php. When parsing the aiservice parameter, the process...
CVE-2020-15609
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxdashboard.php. When parsing the servicestop parameter, the proces...
PT-2020-14534 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax dashboard.ph...
PT-2020-14549 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to disclose sensitive information on affected installations without requiring authentication. The flaw exists within the ajax dashboard.php file,...