613 matches found
WCMultiShipping < 2.3.6 - Missing Authorization to Log Export
Description The WCMultiShipping plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wmsexportlog function in all versions up to, and including, 2.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above,...
CVE-2023-46355
In the module "CSV Feeds PRO" csvfeeds 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does not force administrator to use password on feeds, a guest can access exports from the module which can lead t...
CVE-2023-6189
The CVE-2023-6189 entry concerns the M-Files server prior to version 23.11.13156.0, where a lack of proper access permissions checks allows an attacker to perform data write and export operations via the M-Files API. Affected component: M-Files server; root cause: missing access control on API me...
CVE-2023-6189 Improper Permission Handling in M-Files Server
Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods...
PT-2023-19626 · WordPress · Userpro
Name of the Vulnerable Software and Affected Versions: UserPro plugin for WordPress versions up to, and including, 5.1.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the export users function. This allows unauthenticated attackers...
CVE-2023-48029
Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution ...
Apple macOS Security Breach
Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS Sonoma version 14, which stems from a shortcut that may export sensitive user data without consent...
CVE-2023-38422
Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data...
Walchem Intuition 访问控制错误漏洞
Walchem Intuition is a controller from Walchem. An Access Control Error vulnerability exists in versions prior to Walchem Intuition 9 v4.21 that stems from a lack of authentication and could allow an attacker to download and export sensitive data...
CVE-2023-3259
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious agent can direct the device to connect to a rouge database.Successful exploitation allows the...
Hard-coded System User Credentials in Folio Data Export Spring module
Impact The module creates a system user that is used to perform internal module-to-module operations. Credentials for this user are hard-coded in the source code. This makes it trivial to authenticate as this user, resulting in unauthorized access to potentially dangerous APIs, allowing to view a...
GHSA-VF78-3Q9F-92G3 Hard-coded System User Credentials in Folio Data Export Spring module
Impact The module creates a system user that is used to perform internal module-to-module operations. Credentials for this user are hard-coded in the source code. This makes it trivial to authenticate as this user, resulting in unauthorized access to potentially dangerous APIs, allowing to view a...
CVE-2021-4412
The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the save and export functions. This makes it possible for unauthenticated attackers to save plugin settings and trigger a...
CVE-2021-4412 WP Prayer <= 1.6.5 - Cross-Site Request Forgery Bypass
The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the save and export functions. This makes it possible for unauthenticated attackers to save plugin settings and trigger a...
CVE-2021-4412 WP Prayer <= 1.6.5 - Cross-Site Request Forgery Bypass
The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the save and export functions. This makes it possible for unauthenticated attackers to save plugin settings and trigger a...
OpenCart SQL Injection Vulnerability (CNVD-2023-54401)
OpenCart is an open source online shopping system that allows you to build your own online store. The system is simple and easy to use and supports all kinds of data import and export , including product information , user orders , products and so on. Through OpenCart users can easily complete th...
Ad Manager Pro 3.05 Backup Disclosure
==================================================================================================================================== | Title : Ad Manager Pro 3.05 Backup Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
CVE-2023-26429
Control characters were not removed when exporting user feedback content. This allowed attackers to include unexpected content via user feedback and potentially break the exported data structure. We now drop all control characters that are not whitespace character during the export. No publicly...
CVE-2023-27890
The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
PT-2023-21397 · Mybb · Export User Plugin
Name of the Vulnerable Software and Affected Versions: Export User plugin through 2.0 for MyBB Description: The issue allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. This affects products that are no longer supported b...