Lucene search
K

283 matches found

CNNVD
CNNVD
added 2021/07/22 12:0 a.m.5 views

CASAP Automated Enrollment SQL注入漏洞

CASAP Automated Enrollment is an automated enrollment system for the CASAP organization in the United States. The purpose of the project is to provide CASAP with an automated enrollment system to streamline the school process and make it more effective, efficient and easy to retrieve...

9.8CVSS6.3AI score0.01476EPSS
Exploits1References2
OSV
OSV
added 2021/07/08 4:15 p.m.2 views

CVE-2020-20586

A cross site request forgery CSRF vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password...

4.5CVSS5.3AI score0.00512EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2021/06/28 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-34622

A vulnerability in the user profile update component found in the /src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects versions 3.0.0 - 3.1.3...

9.8CVSS7.2AI score0.0412EPSS
Exploits2References1
OSV
OSV
added 2021/06/11 5:15 p.m.2 views

CVE-2021-0481

In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:...

7.8CVSS7.2AI score0.00754EPSS
Exploits0References1
0day.today
0day.today
added 2021/05/17 12:0 a.m.21 views

Billing Management System 2.0 - Union based SQL injection (Authenticated) Vulnerability

Exploit Title: Billing Management System 2.0 - Union based SQL injection Authenticated Exploit Author: Mohammad Koochaki Vendor Homepage: https://www.sourcecodester.com/php/14380/billing-management-system-php-mysql-updated.html Software Link:...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/17 12:0 a.m.180 views

Billing Management System 2.0 - Union based SQL injection (Authenticated)

Exploit Title: Billing Management System 2.0 - Union based SQL injection Authenticated Date: 2021-05-16 Exploit Author: Mohammad Koochaki Vendor Homepage: https://www.sourcecodester.com/php/14380/billing-management-system-php-mysql-updated.html Software Link:...

7.4AI score
Exploits0
CNVD
CNVD
added 2021/05/07 12:0 a.m.6 views

Chamilo LMS Cross-Site Request Forgery Vulnerability (CNVD-2021-33522)

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training and online question and answer sessions. A cross-site request forgery vulnerability exists in Chamilo LMS version...

8.8CVSS6.6AI score0.00784EPSS
Exploits1References1
OSV
OSV
added 2021/03/08 10:15 p.m.3 views

CVE-2020-27575

Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation...

8.8CVSS7.3AI score0.04604EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/03/08 12:0 a.m.5 views

Maxum Rumpus 命令注入漏洞

Maxum Rumpus is an FTP and Web file transfer server. A command injection vulnerability exists in a parameter of the Edit User form in Maxum Rumpus 8.2.13, 8.2.14, which can be exploited by an attacker to inject arbitrary commands...

8.8CVSS5.9AI score0.04604EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2021/01/05 12:0 a.m.240 views

CMS Made Simple 2.2.15 Remote Command Execution

Exploit Title: CMS Made Simple 2.2.15 - RCE Authenticated Author: Andrey Stoykov Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads/cmsms Version: 2.2.15 Tested on: Debian 10 LAMPP Exploit and Detailed Info:...

0.1AI score
Exploits0
OSV
OSV
added 2020/09/01 5:15 p.m.2 views

CVE-2020-23836

A Cross-Site Request Forgery CSRF vulnerability in edituser.php in OSWAPP Warehouse Inventory System aka OSWA-INV through 2020-08-10 allows remote attackers to change the admin's password after an authenticated admin visits a third-party site...

8.8CVSS7.4AI score0.00645EPSS
Exploits1References2
0day.today
0day.today
added 2020/08/10 12:0 a.m.183 views

Warehouse Inventory System 1.0 - Cross-Site Request Forgery (Change Admin Password) Exploit

Exploit for php platform in category web applications Exploit Title: Warehouse Inventory System 1.0 - Cross-Site Request Forgery Change Admin Password Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Vendor Homepage: https://oswapp.com Software Link:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2020/08/10 12:0 a.m.150 views

Warehouse Inventory System 1.0 Cross Site Request Forgery

Exploit Title: Warehouse Inventory System - Cross-Site Request Forgery CSRF - Change Admin Password Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: August 9th, 2020 Vendor Homepage: https://oswapp.com Software Link:...

0.2AI score
Exploits0
OpenVAS
OpenVAS
added 2020/05/26 12:0 a.m.42 views

phpIPAM < 1.4.2 XSS Vulnerability

phpIPAM is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpipam:phpipam";...

4.8CVSS5AI score0.00611EPSS
Exploits1References2
CNVD
CNVD
added 2020/05/21 12:0 a.m.3 views

Microweber Code Issue Vulnerability

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A code issue vulnerability exists in admin/view:modules/loadmodule:usersedit-user=1 in...

7.8CVSS7.3AI score0.00455EPSS
Exploits1References1
OSV
OSV
added 2020/05/20 7:15 p.m.4 views

CVE-2020-13241

Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/loadmodule:usersedit-user=1 does not verify that the file extension used with the Add Image option on the Edit User screen corresponds to an image file...

7.8CVSS5.8AI score0.00455EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/05/20 6:53 p.m.28 views

CVE-2020-13241

Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/loadmodule:usersedit-user=1 does not verify that the file extension used with the Add Image option on the Edit User screen corresponds to an image file...

7.6AI score0.00455EPSS
Exploits1References1
NVD
NVD
added 2020/05/20 4:15 a.m.23 views

CVE-2020-13225

phpIPAM 1.4 contains a stored cross site scripting XSS vulnerability within the Edit User Instructions field of the User Instructions widget...

4.8CVSS4.9AI score0.00611EPSS
Exploits1References2
OSV
OSV
added 2020/05/20 4:15 a.m.14 views

CVE-2020-13225

phpIPAM 1.4 contains a stored cross site scripting XSS vulnerability within the Edit User Instructions field of the User Instructions widget...

4.8CVSS5.5AI score
Exploits0References2
CVE
CVE
added 2020/05/20 3:5 a.m.63 views

CVE-2020-13225

CVE-2020-13225 affects phpIPAM 1.4 and is a stored cross-site scripting (XSS) vulnerability in the Edit User Instructions field of the User Instructions widget. The issue arises from insufficient input validation, allowing injected scripts to be stored and potentially executed in the context of t...

4.8CVSS4.9AI score0.00611EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder