207 matches found
CVE-2023-38991
An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator...
PT-2023-26720 · Jeesite · Jeesite
Name of the Vulnerable Software and Affected Versions: jeesite version 1.2.6 Description: An issue in the delete function in the ActModelController class allows authenticated attackers to arbitrarily delete models created by the Administrator. Recommendations: For jeesite version 1.2.6, consider...
CVE-2023-38990
An issue in the delete function in the MenuController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete menus created by the Administrator...
PT-2023-26719 · Jeesite · Jeesite
Name of the Vulnerable Software and Affected Versions: jeesite version 1.2.6 Description: An issue in the delete function in the MenuController class allows authenticated attackers to arbitrarily delete menus created by the Administrator. Recommendations: For jeesite version 1.2.6, consider...
Information disclosure
An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information...
CVE-2023-38989
Jeesite v1.2.6 has a vulnerability in the delete function of the UserController that allows authenticated attackers to arbitrarily delete the Administrator’s role information. Multiple sources (NVD, RH, OSV, CVE lists, and PTSecurity) confirm the affected software/version and the underlying issue...
PT-2023-26718 · Jeesite · Jeesite
Name of the Vulnerable Software and Affected Versions: jeesite version 1.2.6 Description: An issue in the delete function in the UserController class allows authenticated attackers to arbitrarily delete the Administrator's role information. Recommendations: For jeesite version 1.2.6, consider...
CVE-2023-38989
An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information...
CVE-2023-38988
An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators...
Information disclosure
An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators...
CVE-2023-38988
CVE-2023-38988 – jeesite 1.2.6 exposes a flaw in the delete function of the OaNotifyController that allows authenticated attackers to arbitrarily delete administrator-created notifications. The issue is documented across multiple sources (NVD/Red Hat/RH and others) with a reported CVSS v3.1 base ...
CVE-2023-37598
A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function...
Improper Access Control
admidio/admidio is vulnerable to Improper Access Control. The vulnerability exists in the delete function of messages.php which allows an attacker to perform unauthorized message deletions...
CSRF in the delete notification function
Description: The web application is vulnerable to CSRF in the delete notification function. Proof of Concept: Step 1: See that user demo has some notifications. Step 2: Host an HTML trap page and send the URL to the victim: `history.pushState('', '', '/')` `document.forms[0].submit();` And the malicious URL...