11 matches found
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the defVals parameter in the Edit Document Controller. An attacker can insert unauthorized data into restricted database fields by bypassing field-level access checks during record creation, provided the user...
Incorrect Authorization
Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Incorrect Authorization via the defVals parameter in the Edit Document Controller. An attacker can insert unauthorized data into restricted database fields by...
CVE-2025-59020 TYPO3 CMS Allows Broken Access Control in Edit Document Controller
By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced s...
CVE-2025-59020
The CVE-2025-59020 issue in TYPO3 CMS arises from abusing the defVals parameter to bypass field-level access checks during backend record creation. This allows insertion of data into restricted exclude fields for tables where the user has write access to a limited set of fields. Affected TYPO3 ve...
EUVD-2026-2090
By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced s...
EUVD-2020-27438
Malware in sbrugna...
CVE-2024-11102
A vulnerability was found in SourceCodester Hospital Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /vm/doctor/edit-doc.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched...
PT-2024-16764 · Sourcecodester · Sourcecodester Hospital Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Hospital Management System version 1.0 Description: A high-severity issue affects the SourceCodester Hospital Management System, where the manipulation of the name argument in the /vm/doctor/edit-doc.php file leads to cross-sit...
CVE-2023-4443
A vulnerability classified as critical has been found in SourceCodester Free Hospital Management System for Small Practices 1.0/5.0.12. Affected is an unknown function of the file vm\doctor\edit-doc.php. The manipulation of the argument id00/nic/oldemail/email/spec/Tele leads to sql injection. It...
CVE-2021-26215
SeedDMS 5.1.x is affected by cross-site request forgery CSRF in out.EditDocument.php...
SeedDMS 跨站请求伪造漏洞
SeedDMS is a free document management system with an easy-to-use web-based user interface. A cross-site request forgery vulnerability exists in out.EditDocument.php in SeedDMS 5.1.. An attacker can exploit this vulnerability to edit a victim's document...