48 matches found
SUSE CVE-2024-45794
Devtron is an open source tool integration platform for Kubernetes. In affected versions, an authenticated user with minimum permission could exploit SQL Injection to allow the execution of malicious SQL queries via the CreateUser API /orchestrator/user. This issue has been addressed in...
GO-2024-3260 Devtron has SQL Injection in CreateUser API in github.com/devtron-labs/devtron
Devtron has SQL Injection in CreateUser API in github.com/devtron-labs/devtron...
CVE-2024-45794 SQL Injection in CreateUser API in devtron
Devtron is an open source tool integration platform for Kubernetes. In affected versions, an authenticated user with minimum permission could exploit SQL Injection to allow the execution of malicious SQL queries via the CreateUser API /orchestrator/user. This issue has been addressed in...
Devtron has SQL Injection in CreateUser API
Summary: An authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. Details: The API is CreateUser /orchestrator/user. The function to read user input is:...
GHSA-Q78V-CV36-8FXJ Devtron has SQL Injection in CreateUser API
Summary: An authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. Details: The API is CreateUser /orchestrator/user. The function to read user input is:...
PT-2024-31775 · Devtron +1 · Devtron +1
Name of the Vulnerable Software and Affected Versions: Devtron versions prior to 0.7.2. Description: Devtron is an open source tool integration platform for Kubernetes. An authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL...
CVE-2023-38102
NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit...
CVE-2023-38102 NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability
NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit...
CVE-2023-38102
NETGEAR ProSAFE Network Management System is affected by CVE-2023-38102 through the createUser function, which allows privilege escalation due to missing authorization prior to performing the action. The flaw can be abused after authentication, as the authentication mechanism can be bypassed, ena...
PT-2024-15547 · Codeastro · Codeastro Simple Banking System
Name of the Vulnerable Software and Affected Versions: CodeAstro Simple Banking System version 1.0. Description: A problematic vulnerability has been found in the CodeAstro Simple Banking System, affecting an unknown part of the file createuser.php of the component Create a User Page. The...
The vulnerability of the createUser function in the system for managing, diagnosing, and optimizing the operation of network devices, ProSafe Network Management NMS300, allows a hacker to increase their privileges.
The vulnerability of the createUser function in the ProSafe Network Management NMS300 system, a device for managing, diagnosing, and optimizing network devices, lies in buffer overflow attacks. Exploiting this vulnerability can allow attackers to gain increased privileges remotely...
CVE-2022-30280
/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. The application, even if it implements a CSRF token for the random GET request, does not ever verify a CSRF token. With a litt...
PT-2023-12999 · Nokia · Nokia Netact
Name of the Vulnerable Software and Affected Versions: Nokia NetAct version 22. Description: The issue concerns a CSRF vulnerability in the /SecurityManagement/html/createuser.jsf endpoint. A remote attacker can create users with arbitrary privileges, including administrative privileges, due to th...
NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2023-1475
A vulnerability, which was classified as critical, has been found in SourceCodester Canteen Management System 1.0. This issue affects the function query of the file createuser.php. The manipulation of the argument uemail leads to sql injection. The attack may be initiated remotely. The exploit ha...
PT-2023-17013 · Sourcecodester · Sourcecodester Canteen Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Canteen Management System version 1.0. Description: A critical issue has been found in the SourceCodester Canteen Management System. This issue affects the function query of the file createuser.php. The manipulation of the...