60 matches found
CVE-2019-25682
CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting crafted pages that submit POST requests to the users.php endpoint...
CVE-2026-33125
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In versions 0.16.2 and below, users with the viewer role can delete admin and low-privileged user accounts. Exploitation can lead to DoS and affect data integrity. This issue has been patched in version...
CVE-2026-33125
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In versions 0.16.2 and below, users with the viewer role can delete admin and low-privileged user accounts. Exploitation can lead to DoS and affect data integrity. This issue has been patched in version...
CVE-2026-33125
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In versions 0.16.2 and below, users with the viewer role can delete admin and low-privileged user accounts. Exploitation can lead to DoS and affect data integrity. This issue has been patched in version...
PT-2026-26098
Summary Users with the viewer role can delete admin and other users account. It this leads to denial of service and affects data integrity. Details Endpoint DELETE /api/users/admin is enable to anonymous user. PoC I deleted admin user on demo.frigate.video: Impact It this leads to denial of servi...
CVE-2025-70141
SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administrative methods in adminclass.php based on the action parameter. An unauthenticated remote attacke...
CVE-2020-37079
Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery CSRF vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a request that deletes the administrative user...
CVE-2020-37079 Wing FTP Server < 6.2.7 - Cross-site Request Forgery
Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery CSRF vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a request that deletes the administrative user...
PT-2026-6812
Name of the Vulnerable Software and Affected Versions Wing FTP Server versions prior to 6.2.7 Description Wing FTP Server versions prior to 6.2.7 have a cross-site request forgery CSRF issue in the web administration interface. This allows attackers to delete administrative users by crafting a...
CVE-2026-0728
A security vulnerability has been detected in code-projects Intern Membership Management System 1.0. This issue affects some unknown processing of the file /intern/admin/deleteadmin.php. Such manipulation of the argument adminid leads to sql injection. The attack may be launched remotely. The...
CVE-2026-0728
A security vulnerability has been detected in code-projects Intern Membership Management System 1.0. This issue affects some unknown processing of the file /intern/admin/deleteadmin.php. Such manipulation of the argument adminid leads to sql injection. The attack may be launched remotely. The...
CVE-2026-0728 code-projects Intern Membership Management System delete_admin.php sql injection
A security vulnerability has been detected in code-projects Intern Membership Management System 1.0. This issue affects some unknown processing of the file /intern/admin/deleteadmin.php. Such manipulation of the argument adminid leads to sql injection. The attack may be launched remotely. The...
CVE-2026-0728 code-projects Intern Membership Management System delete_admin.php sql injection
A security vulnerability has been detected in code-projects Intern Membership Management System 1.0. This issue affects some unknown processing of the file /intern/admin/deleteadmin.php. Such manipulation of the argument adminid leads to sql injection. The attack may be launched remotely. The...
CVE-2026-0728
The CVE-2026-0728 entry describes a SQL injection in code-projects Intern Membership Management System 1.0, via the admin_id parameter in /intern/admin/delete_admin.php. The issue is remotely exploitable and exploits have been publicly disclosed. No remediation/fix details are provided in the con...
PT-2026-1978
Name of the Vulnerable Software and Affected Versions code-projects Intern Membership Management System version 1.0 Description A security issue exists in code-projects Intern Membership Management System 1.0. The problem involves the processing of the file '/intern/admin/delete admin.php'...
CVE-2025-13572
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. This affects an unknown part of the file /deleteadmin.php. The manipulation of the argument adminid leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and...
EUVD-2025-198590
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. This affects an unknown part of the file /deleteadmin.php. The manipulation of the argument adminid leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and...
CVE-2025-13572
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. This affects an unknown part of the file /deleteadmin.php. The manipulation of the argument adminid leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and...
CVE-2025-13572
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. This affects an unknown part of the file /deleteadmin.php. The manipulation of the argument adminid leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and...
CVE-2025-13572 projectworlds Advanced Library Management System delete_admin.php sql injection
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. This affects an unknown part of the file /deleteadmin.php. The manipulation of the argument adminid leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and...