
47 matches found

Snyk
added 2026/04/08 12:5 a.m. | 2 views

Improper Privilege Management

Overview: Affected versions of this package are vulnerable to Improper Privilege Management in the createUser process in auth/proxy.go when proxy authentication is enabled and default settings include non-empty commands. An attacker can gain unauthorized execution capabilities and access to...

8.8 CVSS | 5.9 AI score | 0.0009 EPSS
Exploits: 1 | References: 2

NVD
added 2026/03/06 1:16 p.m. | 2 views

CVE-2018-25190

Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. Attackers can craft malicious web pages that submit POST requests to createuser.php with parameters including username,...

6.9 CVSS | 0.00049 EPSS
Exploits: 1 | References: 2

Vulnrichment
added 2026/03/06 12:19 p.m. | 0 views

CVE-2018-25190 Easyndexer 1.0 Cross-Site Request Forgery via createuser.php

Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. Attackers can craft malicious web pages that submit POST requests to createuser.php with parameters including username,...

6.9 CVSS | 5.7 AI score | 0.00049 EPSS
Exploits: 1 | References: 2

Positive Technologies
added 2026/03/06 12:0 a.m. | 0 views

PT-2026-23700

Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. Attackers can craft malicious web pages that submit POST requests to createuser.php with parameters including username,...

6.9 CVSS | 5.7 AI score | 0.00049 EPSS
Exploits: 1 | References: 3

CNNVD
added 2026/03/06 12:0 a.m. | 2 views

Easyndexer Cross-Site Request Forgery Vulnerability

Easyndexer is a database interface software developed by rul10’s individual developers. Version 1.0 of Easyndexer contains a cross-site request forgery vulnerability. This vulnerability stems from the createuser.php file, which has a cross-site request forgery issue, potentially allowing...

6.9 CVSS | 5.7 AI score | 0.00049 EPSS
Exploits: 1 | References: 2

RedhatCVE
added 2026/02/07 1:12 p.m. | 4 views

CVE-2026-2009

A flaw has been found in SourceCodester Gas Agency Management System 1.0. This issue affects some unknown processing of the file /gasmark/phpaction/createUser.php. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been...

6.5 CVSS | 6.2 AI score | 0.00011 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2026/02/06 7:32 a.m. | 2 views

CVE-2026-2009 SourceCodester Gas Agency Management System createUser.php access control

A flaw has been found in SourceCodester Gas Agency Management System 1.0. This issue affects some unknown processing of the file /gasmark/phpaction/createUser.php. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been...

6.5 CVSS | 5.3 AI score | 0.00011 EPSS
Exploits: 1 | References: 5

ATTACKERKB
added 2026/02/06 7:32 a.m. | 2 views

CVE-2026-2009

A flaw has been found in SourceCodester Gas Agency Management System 1.0. This issue affects some unknown processing of the file /gasmark/phpaction/createUser.php. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been...

6.5 CVSS | 5.2 AI score | 0.00011 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Positive Technologies
added 2026/01/09 12:0 a.m. | 1 view

PT-2026-2167

Name of the Vulnerable Software and Affected Versions: GestSup versions up to and including 3.2.56. Description: The application does not verify the authenticity of client requests, leading to a cross-site request forgery condition. An attacker can potentially trick a logged-in user into submitting...

8.9 CVSS | 6.3 AI score | 0.00013 EPSS
Exploits: 0 | References: 5

GithubExploit
added 2025/12/17 3:21 p.m. | 116 views

Exploit for Improper Check for Unusual or Exceptional Conditions in Polkit_Project Polkit

CVE-2021-3560 is an authenticatio...

7.8 CVSS | 7.2 AI score | 0.091 EPSS
Exploits: 37

NVD
added 2025/10/07 8:15 a.m. | 2 views

CVE-2025-11357

A security flaw has been discovered in code-projects Simple Banking System 1.0. This issue affects some unknown processing of the file /createuser.php. Performing manipulation of the argument Name results in SQL injection. The attack may be initiated remotely. The exploit has been released to the...

8.8 CVSS | 0.00042 EPSS
Exploits: 1 | References: 5

OSV
added 2025/10/07 8:15 a.m. | 1 view

CVE-2025-11357

A security flaw has been discovered in code-projects Simple Banking System 1.0. This issue affects some unknown processing of the file /createuser.php. Performing manipulation of the argument Name results in SQL injection. The attack may be initiated remotely. The exploit has been released to the...

8.8 CVSS | 5.8 AI score
Exploits: 0 | References: 5

CVE
added 2025/10/07 7:32 a.m. | 5 views

CVE-2025-11357

The CVE-2025-11357 entry concerns code-projects Simple Banking System 1.0, with a SQL injection in the /createuser.php endpoint via the Name parameter due to insufficient input validation. Public exploitation is indicated, and remote initiation is possible. Multiple connected sources corroborate ...

8.8 CVSS | 6.4 AI score | 0.00042 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

CNNVD
added 2025/10/07 12:0 a.m. | 0 views

Code-Projects Simple Banking System SQL Injection Vulnerability

Simple Banking System is a simple banking system. Simple Banking System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Name in the file /createuser.php. An attacker can exploit this vulnerability to execute...

8.8 CVSS | 8.1 AI score | 0.00042 EPSS
Exploits: 1 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-3299

Malicious code in bioql PyPI...

8.8 CVSS | 6.3 AI score | 0.00417 EPSS
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2023-41928

Malicious code in bioql PyPI...

8.8 CVSS | 8.8 AI score | 0.00347 EPSS
Exploits: 0 | References: 2

OSV
added 2025/06/30 7:15 a.m. | 2 views

CVE-2025-6891

A vulnerability classified as critical has been found in code-projects Inventory Management System 1.0. Affected is an unknown function of the file /phpaction/createUser.php. The manipulation of the argument Username leads to SQL injection. It is possible to launch the attack remotely. The exploi...

9.8 CVSS | 5.8 AI score
Exploits: 0 | References: 5

RedhatCVE
added 2025/05/23 2:59 a.m. | 1 view

CVE-2023-1475

A vulnerability, which was classified as critical, has been found in SourceCodester Canteen Management System 1.0. This issue affects the function query of the file createuser.php. The manipulation of the argument uemail leads to SQL injection. The attack may be initiated remotely. The exploit ha...

9.8 CVSS | 7.9 AI score | 0.00306 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/05 3:38 a.m. | 2 views

CVE-2024-45794

devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. This issue has been addressed in...

8.8 CVSS | 9 AI score | 0.00417 EPSS
Exploits: 1 | References: 1

Veracode
added 2024/11/25 9:58 a.m. | 10 views

SQL Injection

github.com/devtron-labs/devtron is vulnerable to SQL Injection. The vulnerability is due to insufficient sanitization of user inputs in the CreateUser API /orchestrator/user, allowing authenticated users with minimal permissions to execute malicious SQL queries...

8.8 CVSS | 7.2 AI score | 0.00417 EPSS
Exploits: 1 | References: 4 | Affected Software: 1