5 matches found
CVE-2026-34427
Vvveb versions prior to 1.0.8.1 contain a privilege escalation in the admin/user/save endpoint. An authenticated user can inject role_id=1 in profile save requests to elevate to Super Administrator, enabling plugin upload functionality and remote code execution. The fix is provided in 1.0.8.1 (se...
Vvveb 安全漏洞
Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.1 contained security vulnerabilities. These vulnerabilities stemmed from an issue with the endpoint where administrator...
Vvveb 安全漏洞
Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.1 contained security vulnerabilities; these vulnerabilities stemmed from cross-site scripting vulnerabilities, which coul...
Vvveb 安全漏洞
Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.1 contained security vulnerabilities. These vulnerabilities stemmed from the subdir parameter being written to the...
CVE-2019-6858
A CWE-427:Uncontrolled Search Path Element vulnerability exists in MSX Configurator Software Version prior to V1.0.8.1, which could cause privilege escalation when injecting a malicious DLL...