CVE-2026-45009
phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...
Weak Password Vulnerability in Marcum Database Auditing System of Shenzhen Marcum Technology Co.
Marcum Database Security Audit System mainly provides visualized monitoring, analysis and summarization of users' database access and operations, providing users with electronic evidence for tracing back the root cause of accidents, and at the same time, providing efficient querying of...
SUSE CVE-2023-27830
TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system by replacing legitimate files with crafted files when executing a file transfer. This is because TightVNC runs in the backend as a high-privilege account...
Local Service Search Engine Management System SQL Injection Vulnerability
Local Service Search Engine Management System is a simple PHP/MySQLi project. SQL injection vulnerability exists in Local Service Search Engine Management System 1.0, which stems from a failure to properly validate input information and can be exploited to bypass the login page and gain backend...
Jfinal CMS Cross-Site Scripting Vulnerability
Jfinal CMS is a powerful information-consulting website system developed in Java, using the simple and powerful JFinal as the web framework, beetl as the template engine, MySQL as the database, and Bootstrap as the front-end framework. Jfinal CMS has a cross-site scripting vulnerability; the vulnerability stems from the...
Weak password vulnerability in the WEB management system of RSR routers of Ruijie Networks Co. (CNVD-2021-34228)
Ruijie Networks is a specialized network vendor with a full range of network equipment product lines and solutions, including switches, routers, software, security firewalls, wireless products, storage, and more. A weak password vulnerability exists in the WEB management system of RSR routers of...
Elevation of Privilege Vulnerability in CMS Made Simple
CMS Made Simple is a simple, easy-to-use content management system developed using PHP, MySQL and Smarty template engines. An elevation of privilege vulnerability exists in CMS Made Simple. An attacker can exploit the vulnerability to bypass anti-forgery checks on data and gain access to backend...