8 matches found
📄 eNet SMART HOME Server 2.3.1 Arbitrary User Deletion
The eNet Smart Home system contains an authorization weakness in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user UGUSER to delete arbitrary user accounts, except for the built-in admin account. The application does not enforce proper role-based access...
EUVD-2025-13565
Malicious code in bioql PyPI...
PT-2025-19903
Name of the Vulnerable Software and Affected Versions User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress versions prior to 4.2.2 Description The issue is related to an Insecure Direct Object Reference in the create stripe subscription...
WordPress WP Abstracts plugin <= 2.7.3 - Cross-Site Request Forgery to Arbitrary Account Deletion vulnerability
Cross-Site Request Forgery to Arbitrary Account Deletion vulnerability discovered by SOPROBRO in WordPress Plugin WP Abstracts versions = 2.7.3...
Ultimate Membership Pro < 8.7 - Cross-Site Request Forgery allowing Arbitrary Account Deletion and Creation
While confirming the issues from https://wpvulndb.com/vulnerabilities/10086 have been remediated, two CSRF issues were identified, allowing attackers to make logged in administrator delete arbitrary accounts, as well as create a new administrator account. Other CSRF may be present but haven't bee...
Ultimate Membership Pro < 8.7 - Cross-Site Request Forgery allowing Arbitrary Account Deletion and Creation
While confirming the issues from https://wpvulndb.com/vulnerabilities/10086 have been remediated, two CSRF issues were identified, allowing attackers to make logged in administrator delete arbitrary accounts, as well as create a new administrator account. Other CSRF may be present but haven't bee...
KPPW最新版本(Csrf删除任意帐号/添加管理员)
简要描述: 求高Rank 么么哒 详细说明: http://localhost/KPPW/index.php?do=user&view=message&op=send http://localhost/KPPW/index.php?do=pubtask&id=1&step=step2 收件人填目标用户名 标题随便 内容没有转义 不过过滤了敏感标签和 onerror onload等事件。 先来看第一个删除任意帐号 http://localhost/KPPW/admin/index.php?do=user&view=list&op=del&edituid=5529 GET提交此URL...
CVSTrac CVSROOT/passwd arbitrary account deletion
The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version of CVSTRAC is vulnerable to a flaw wherein a remote attacker can overwrite a critical file, thereby giving them elevated access and potentially control over other user accounts. OpenVA...