
20 matches found

Cvelist
added 2026/02/07 6:32 p.m., 32 views

CVE-2026-2107 yeqifu warehouse Log Info LoginfoController.java batchDeleteLoginfo improper authorization

A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function loadAllLoginfo/deleteLoginfo/batchDeleteLoginfo of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\LoginfoController.java of the component Log Info...

CVSS 6.5, EPSS 0.00326
Exploits: 1, References: 6

ATTACKERKB
added 2026/02/07 6:32 p.m., 4 views

CVE-2026-2107

A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function loadAllLoginfo/deleteLoginfo/batchDeleteLoginfo of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\LoginfoController.java of the component Log Info...

CVSS 6.5, AI score 6.1, EPSS 0.00326
Exploits: 1, References: 6

EUVD
added 2026/02/07 6:32 p.m., 5 views

EUVD-2026-5720

A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function loadAllLoginfo/deleteLoginfo/batchDeleteLoginfo of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\LoginfoController.java of the component Log Info...

CVSS 6.5, AI score 5.1, EPSS 0.00326
Exploits: 1, References: 6

CVE
added 2026/02/07 6:32 p.m., 17 views

CVE-2026-2107

CVE-2026-2107 affects yeqifu warehouse (Log Info Handler). Multiple methods in LoginfoController (loadAllLoginfo, deleteLoginfo, batchDeleteLoginfo) enable improper authorization, with remote exploit capability. Public exploit exists; product uses no versioning, so affected/unaffected releases ar...

CVSS 8.8, AI score 6.1, EPSS 0.00326
Exploits: 1, References: 6, Affected Software: 1

Vulnrichment
added 2026/02/07 5:32 p.m., 3 views

CVE-2026-2106 yeqifu warehouse Notice Management NoticeController.java batchDeleteNotice improper authorization

A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The impacted element is the function addNotice/updateNotice/deleteNotice/batchDeleteNotice of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\NoticeController.java of the...

CVSS 6.5, AI score 5.1, EPSS 0.00326
Exploits: 1, References: 6

Cvelist
added 2026/02/07 5:32 p.m., 34 views

CVE-2026-2106 yeqifu warehouse Notice Management NoticeController.java batchDeleteNotice improper authorization

A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The impacted element is the function addNotice/updateNotice/deleteNotice/batchDeleteNotice of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\NoticeController.java of the...

CVSS 6.5, EPSS 0.00326
Exploits: 1, References: 6

ATTACKERKB
added 2026/02/07 5:32 p.m., 3 views

CVE-2026-2106

A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The impacted element is the function addNotice/updateNotice/deleteNotice/batchDeleteNotice of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\NoticeController.java of the...

CVSS 6.5, AI score 6, EPSS 0.00326
Exploits: 1, References: 6

CVE
added 2026/02/07 5:32 p.m., 10 views

CVE-2026-2106

The CVE-2026-2106 entry relates to yeqifu warehouse, affecting the Notice Management component. The exposed flaw is in NoticeController.java functions addNotice, updateNotice, deleteNotice, and batchDeleteNotice, causing improper authorization and enabling remote exploitation. Publicly disclosed ...

CVSS 8.8, AI score 6, EPSS 0.00326
Exploits: 1, References: 6, Affected Software: 1

Positive Technologies
added 2026/02/07 12:0 a.m., 3 views

PT-2026-6914

Name of the Vulnerable Software and Affected Versions: yeqifu warehouse versions prior to aaf29962ba407d22d991781de28796ee7b4670e4. Description: A flaw exists within the Notice Management component of yeqifu warehouse, specifically in the addNotice, updateNotice, deleteNotice, and batchDeleteNotice...

CVSS 6.5, AI score 5.3, EPSS 0.00326
Exploits: 1, References: 8

RedhatCVE
added 2025/12/05 5:35 p.m., 2 views

CVE-2025-14012

A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotel...

CVSS 7.2, AI score 4.9, EPSS 0.00328
Exploits: 1, References: 1

OSV
added 2025/12/04 6:15 p.m., 3 views

CVE-2025-14012

A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotel...

CVSS 7.2, AI score 4.9
Exploits: 0, References: 4

NVD
added 2025/12/04 6:15 p.m., 4 views

CVE-2025-14012

A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotel...

CVSS 7.2, EPSS 0.00328
Exploits: 1, References: 4

Cvelist
added 2025/12/04 5:32 p.m., 24 views

CVE-2025-14012 JIZHICMS Batch Delete Comments deleteAll.html delete sql injection

A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotel...

CVSS 5.8, EPSS 0.00328
Exploits: 1, References: 4

ATTACKERKB
added 2025/12/04 5:32 p.m., 6 views

CVE-2025-14012

A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotel...

CVSS 7.2, AI score 5.3, EPSS 0.00328
Exploits: 1, References: 4

Vulnrichment
added 2025/12/04 5:32 p.m., 4 views

CVE-2025-14012 JIZHICMS Batch Delete Comments deleteAll.html delete sql injection

A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotel...

CVSS 5.8, AI score 4.9, EPSS 0.00328
Exploits: 1, References: 4

CVE
added 2025/12/04 5:32 p.m., 10 views

CVE-2025-14012

In JIZHICMS up to version 2.5.5, the Batch Delete Comments component exposes an SQL injection through the file /index.php/admins/Comment/deleteAll.html via the functions deleteAll, findAll, and delete. The issue is triggered by manipulated input and can be exploited remotely. Public exploit infor...

CVSS 7.2, AI score 4.9, EPSS 0.00328
Exploits: 1, References: 4, Affected Software: 1

CNNVD
added 2025/12/04 12:0 a.m., 3 views

JIZHICMS SQL injection vulnerability

JIZHICMS (Jizhi CMS) is an open source content management system (CMS) from Jizhi (JIZHI), China. A SQL injection vulnerability exists in JIZHICMS 2.5.5 and earlier versions, which stems from incorrect operation of the component Batch Delete Comments in the file /index.php/admins/Comment/deleteAll.html,...

CVSS 7.2, AI score 5.6, EPSS 0.00328
Exploits: 1, References: 4

CNNVD
added 2025/11/25 12:0 a.m., 4 views

MongoDB Server security vulnerability

MongoDB Server is a set of open source NoSQL databases from the American company MongoDB. The database provides collection-oriented storage, dynamic querying, data replication and automatic failover. A security vulnerability exists in MongoDB Server version v7.0 up to and including version 7.0.26...

CVSS 7.5, AI score 6.2, EPSS 0.00242
Exploits: 0, References: 3

Huntr
added 2021/07/02 3:17 a.m., 11 views

Cross-site Scripting (XSS) - Stored in projectsend/projectsend

💥 BUG CSRF bug to delete file 💥 SUMMARY during batch delete file there is no csrf token present 💥 STEP TO REPRODUCE 1. vulnerable url is http://localhost/projectsend2/manage-files.php?action=delete&batch=27&batch=31&page=1 . Here in this url change file-id to delete and open the url and see file...

AI score 7
Exploits: 0

CNVD
added 2018/08/03 12:0 a.m., 1 view

Override Deletion Vulnerability in Journalx 2.0, a Remote Processing System for Journal Manuscripts

Journalx 2.0 is a remote processing platform for journal manuscripts developed independently by Beijing Magtech. Journalx 2.0 is vulnerable to an override deletion vulnerability. An attacker can exploit the vulnerability to batch delete unfinished manuscripts in the author's background of the...

AI score 7
Exploits: 0