8 matches found
EUVD-2026-40063
A vulnerability was detected in itsourcecode Online Hotel Management System 1.0. This impacts an unknown function of the file /admin/modamenities/controller.php?action=edit. Performing a manipulation of the argument amenid results in SQL injection. It is possible to initiate the attack remotely...
CVE-2026-54361 MISP mass assignment vulnerabilities allow unauthorized modification of ownership and delegation records
MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fields that should have remained server-controlled, including record identifiers and ownership-relat...
CVE-2018-18802
The Tubigan "Welcome to our Resort" 1.0 software allows CSRF via admin/modusers/controller.php?action=edit...
EUVD-2025-199868
UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges (e.g., obtain a higher role such as admin) via the user-edit endpoint by supplying or modifying roleid or organisationid fields in the edit request...
CVE-2025-66385
UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges (e.g., obtain a higher role such as admin) via the user-edit endpoint by supplying or modifying roleid or organisationid fields in the edit request...
CVE-2022-35163
Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the UNAME parameter at /category/controller.php?action=edit...
CVE-2018-18802
The Tubigan "Welcome to our Resort" 1.0 software allows CSRF via admin/modusers/controller.php?action=edit...
CVE-2018-18794
School Event Management System 1.0 allows CSRF via user/controller.php?action=edit...