9 matches found
CVE-2010-5296
wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action...
Kashipara E-learning Management System Security Vulnerability
Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0, which originates from an SQL injection vulnerability in /admin/deleteusers.php...
CVE-2024-40443
CVE-2024-40443 affects Simple Laboratory Management System (SourceCodester CS) v1.0, via an SQL injection in the delete_users function of Useres.php that can cause denial of service. The vulnerability stems from insecure SQL handling in the application’s user deletion pathway. Exploitation detail...
SourceCodester Computer Laboratory Management System Security Vulnerability
SourceCodester Computer Laboratory Management System is a SourceCodester open source computer laboratory management system. A security vulnerability exists in SourceCodester Computer Laboratory Management System v1.0, which stems from a SQL injection vulnerability that allows remote attackers to...
CVE-2024-7667
A vulnerability, which was classified as critical, was found in SourceCodester Car Driving School Management System 1.0. This affects the function delete_users of the file User.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The...
CVE-2024-7667
CVE-2024-7667 affects SourceCodester Car Driving School Management System 1.0, specifically the delete_users function in User.php. The vulnerability arises from improper handling of the id argument, enabling SQL injection. Exploitation can be performed remotely, and public disclosures exist. Conn...
CVE-2024-7667 SourceCodester Car Driving School Management System User.php delete_users sql injection
A vulnerability, which was classified as critical, was found in SourceCodester Car Driving School Management System 1.0. This affects the function delete_users of the file User.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The...
CVE-2010-5296
wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action...
WordPress <= 3.0.1 - BYPASS
wp-includes/capabilities.php does not require the Super Admin role for the delete_users capability that allows remote authenticated administrators to bypass intended access restrictions via a delete action. Solution: Update WordPress...