12 matches found
EUVD-2024-45000
Malicious code in bioql PyPI...
CVE-2024-50808
SeaCms 13.1 is vulnerable to code injection in the notification module of the member message notification module in the backend user module, due to unsafe handling of the "notify" variable in adminnotify.php...
Cross-Site Request Forgery (CSRF)
typo3/cms-beuser is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to improper handling of state-changing actions in downstream components, where HTTP GET submissions are incorrectly accepted instead of enforcing the appropriate HTTP method. Misconfigurations, such as...
CVE-2024-55894 TYPO3 Cross-Site Request Forgery in Backend User Module
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...
CVE-2024-55894 TYPO3 Cross-Site Request Forgery in Backend User Module
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...
CVE-2024-55894
TYPO3 BEUSER CSRF issue (CVE-2024-55894) affects the Backend User Module. The root cause is CSRF combined with improper handling of state-changing actions via HTTP GET, exposed when security.backend.enforceReferrer is disabled and BE/cookieSameSite is lax/none. Exploitation requires an active bac...
TYPO3 Cross-Site Request Forgery in Backend User Module
Problem A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...
GHSA-6W4X-GCX3-8P7V TYPO3 Cross-Site Request Forgery in Backend User Module
Problem A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...
Exposed Dangerous Method or Function
Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the Backend User Module. An attacker can manipulate user actions by tricking a victim into visiting a malicious URL while logged into the backend. Note: This is only exploitable if...
CVE-2024-50808
SeaCms 13.1 is vulnerable to code injection in the notification module of the member message notification module in the backend user module, due to unsafe handling of the "notify" variable in adminnotify.php...
PT-2024-34416 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: SeaCms version 13.1 Description: The issue is related to a code injection vulnerability in the notification module of the member message notification module in the backend user module. This vulnerability occurs due to the unsafe handling of t...
CVE-2024-50808
SeaCms 13.1 is vulnerable to code injection in the backend user module’s notification flow (member message notification) due to unsafe handling of the notify variable in admin_notify.php. The concrete affected component is the notification module within the backend user area; root cause is improp...