CVE-2025-14012

A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotel...

CVE-2025-14011 JIZHICMS Add Display Name Field addcomment.html commentlist sql injection

A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Performing a manipulation of the argument aid/tid results in sql injection. The attack can be initiated remotely...

CVE-2025-14011 JIZHICMS Add Display Name Field addcomment.html commentlist sql injection

A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Performing a manipulation of the argument aid/tid results in sql injection. The attack can be initiated remotely...

CVE-2025-14011

CVE-2025-14011 involves JIZHICMS up to version 2.5.5. Affected is the function commentlist in /index.php/admins/Comment/addcomment.html, within the Add Display Name Field component. The issue arises from manipulation of the aid/tid parameter, enabling SQL injection. Public exploitation exists, an...

JIZHICMS 代码注入漏洞

JIZHICMS Jizhi CMS is a set of open source content management system CMS of China Jizhi JIZHI company. A code injection vulnerability exists in JIZHICMS 2.5.5 and earlier versions, which stems from incorrect manipulation of the parameter body in the file /index.php/admins/Comment/addcomment.html,...

PT-2025-49105

A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing manipulation can lead to sql injection. The attack can be launched remotely...

GO-2025-4172 Mattermost fails to validate user permissions when deleting comments in Boards in github.com/mattermost/mattermost

Mattermost fails to validate user permissions when deleting comments in Boards in github.com/mattermost/mattermost. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive repor...

Privilege Context Switching Error

Overview Affected versions of this package are vulnerable to Privilege Context Switching Error in the current user session. An attacker can remove comments created by other users by sending crafted requests with insufficient permission checks. Remediation Upgrade...

Privilege Context Switching Error

Overview Affected versions of this package are vulnerable to Privilege Context Switching Error in the current user session. An attacker can remove comments created by other users by sending crafted requests with insufficient permission checks. Remediation Upgrade...

CVE-2025-12756 Insecure Direct Object Reference in Mattermost Boards Plugin Enables Unauthorised Comment Deletion

Mattermost versions 11.0.x = 11.0.2, 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users...

CVE-2025-12756 Insecure Direct Object Reference in Mattermost Boards Plugin Enables Unauthorised Comment Deletion

Mattermost versions 11.0.x = 11.0.2, 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users...

CVE-2025-12756

Mattermost vulnerability CVE-2025-12756 affects Mattermost Server with Boards: versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, and 10.5.x

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from a failure to validate user permissions when deleting comments, which could lead to unauthorized comment deletion. The following versions ar...

EUVD-2025-199924

A security flaw has been discovered in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. This affects the function check/uncheck/delete of the file application/Comment/Controller/CommentadminController.class.php of the component CommentadminController. The manipulation of the argument...

CVE-2025-13783

A security flaw has been discovered in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. This affects the function check/uncheck/delete of the file application/Comment/Controller/CommentadminController.class.php of the component CommentadminController. The manipulation of the argument...

CVE-2025-13783 taosir WTCMS CommentadminController CommentadminController.class.php delete sql injection

A security flaw has been discovered in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. This affects the function check/uncheck/delete of the file application/Comment/Controller/CommentadminController.class.php of the component CommentadminController. The manipulation of the argument...

CVE-2025-13783

CVE-2025-13783 affects taosir WTCMS (CommentadminController) via SQL injection in the check/uncheck/delete path of application/Comment/Controller/CommentadminController.class.php. A remote attacker could exploit by manipulating the ids argument; exploits have been publicly released. Affected vers...

PT-2025-48385

Name of the Vulnerable Software and Affected Versions taosir WTCMS versions up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665 Description A security flaw exists in taosir WTCMS. The issue affects the check/uncheck/delete function within the...

wtcms SQL注入漏洞

wtcms is a ThinkPHP-based content management system CMS by Taosir Individual Developer. An SQL injection vulnerability exists in wtcms, which stems from incorrect manipulation of the parameter ids in the file application/Comment/Controller/CommentadminController.class.php, which could lead to SQL...

CVE-2025-65031

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization flaw in the comment creation endpoint allows authenticated users to impersonate any other user by altering the authorName field in the API request. This enables attackers to post comments...