CVE-2026-8980
Mennekes Amtron series firmware versions ≤ 5.22.3 are vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin operator and manufacturer accounts via crafted POST requests...
CVE-2016-20051
CVE-2016-20051 concerns Snews CMS 1.7, where a cross-site request forgery allows an attacker to change administrator credentials without authentication by inducing an authenticated admin to submit a hidden form that targets the changeup action. The vulnerability stems from how the changeup POST r...
EUVD-2026-4681
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 contain an authorization flaw in the user management API that allows a low-privileged authenticated user to change the administrator account password. By sending a crafted request directly to the backend endpoint, an...
CVE-2018-19319
SRCMS 3.0.0 allows CSRF via admin.php?m=Admin=gifts=update to change goods prices with the super administrator's privileges...
CVE-2009-4821
The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the adminpassword parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS...
CVE-2019-25242
FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change administrator passwords, add new admin users, or open access control doors by...
EUVD-2018-9725
Malware in sbrugna...
EUVD-2019-3071
Malware in sbrugna...
Use of Default Credentials
Overview: Affected versions of this package are vulnerable to Use of Default Credentials for the admin account. An attacker can gain full administrative access by using the default credentials if the password is not changed after deployment. Workaround: This vulnerability can be mitigated by loggin...
CVE-2022-43110
CVE-2022-43110 affects Voltronic Power ViewPower up to 1.04-21353 and PowerShield Netguard up to 1.04-23292. An unauthenticated remote attacker can configure the system via an unspecified web interface, including changing the web admin password, viewing/changing system configuration, enumerating ...
CVE-2022-43110
Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web interface. An unauthenticated remote attacker can make changes to the system including: changing the web interface admin password,...
CVE-2020-18889
Cross Site Request Forgery (CSRF) vulnerability in puppyCMS v5.1 that can change the admin's password via /admin/settings.php...
D-Link DNS-320 Security Vulnerability
D-Link DNS-320 is a NAS Network Attached Storage device from China AUO D-Link. A security vulnerability exists in D-Link DNS-320 version v1.00 and DNS-320LW version v1.01.0914.20212, which stems from a flaw in the accountmgr.cgi - cgichgadminpw component that could lead to the execution of...
PT-2024-38813 · WordPress · Wp Extended
Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress version 3.0.8 and earlier. Description: The issue allows authenticated attackers with Subscriber-level access and above to change an admin's username to a username of their...
TEM Opera Plus FM Family Transmitter 35.45 Cross Site Request Forgery Vulnerability
CSRF Change Forward Power: ...
CVE-2023-3427
The Salon Booking System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.6. This is due to missing or incorrect nonce validation on the 'savecustomer' function. This makes it possible for unauthenticated attackers to change the admin role to...
Sielco Analog FM Transmitter 2.12 Improper Access Control Change Admin Password
Summary: Sielco designs and produces FM radio transmitters for professional broadcasting. The in-house laboratory develops standard and customised solutions to meet all needs. Whether digital or analogue, each product is studied to ensure reliability, resistance over time and a high standard of...
Online Banquet Booking System 1.0 Cross Site Request Forgery
Exploit Title: Online Banquet Booking System - 'change admin credentials' Cross-Site Request Forgery (CSRF). Date: 04/04/2022. Exploit Author: Saud Alenazi. Vendor Homepage: https://phpgurukul.com. Software Link: https://phpgurukul.com/online-banquet-booking-system-using-php-and-mysql/. Version: 1.0...
DataEase Security Vulnerability
DataEase is an open source data visualization and analysis tool. An access control error vulnerability exists in DataEase, which stems from the fact that the product allows authorized users to access all user information and change administrator passwords. No details of the vulnerability are...