283 matches found
CASAP Automated Enrollment SQL注入漏洞
CASAP Automated Enrollment is an automated enrollment system for the CASAP organization in the United States. The purpose of the project is to provide CASAP with an automated enrollment system to streamline the school process and make it more effective, efficient and easy to retrieve...
CVE-2020-20586
A cross site request forgery CSRF vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password...
VulnCheck KEV: CVE-2021-34622
A vulnerability in the user profile update component found in the /src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects versions 3.0.0 - 3.1.3...
CVE-2021-0481
In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:...
Billing Management System 2.0 - Union based SQL injection (Authenticated) Vulnerability
Exploit Title: Billing Management System 2.0 - Union based SQL injection Authenticated Exploit Author: Mohammad Koochaki Vendor Homepage: https://www.sourcecodester.com/php/14380/billing-management-system-php-mysql-updated.html Software Link:...
Billing Management System 2.0 - Union based SQL injection (Authenticated)
Exploit Title: Billing Management System 2.0 - Union based SQL injection Authenticated Date: 2021-05-16 Exploit Author: Mohammad Koochaki Vendor Homepage: https://www.sourcecodester.com/php/14380/billing-management-system-php-mysql-updated.html Software Link:...
Chamilo LMS Cross-Site Request Forgery Vulnerability (CNVD-2021-33522)
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training and online question and answer sessions. A cross-site request forgery vulnerability exists in Chamilo LMS version...
CVE-2020-27575
Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation...
Maxum Rumpus 命令注入漏洞
Maxum Rumpus is an FTP and Web file transfer server. A command injection vulnerability exists in a parameter of the Edit User form in Maxum Rumpus 8.2.13, 8.2.14, which can be exploited by an attacker to inject arbitrary commands...
CMS Made Simple 2.2.15 Remote Command Execution
Exploit Title: CMS Made Simple 2.2.15 - RCE Authenticated Author: Andrey Stoykov Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads/cmsms Version: 2.2.15 Tested on: Debian 10 LAMPP Exploit and Detailed Info:...
CVE-2020-23836
A Cross-Site Request Forgery CSRF vulnerability in edituser.php in OSWAPP Warehouse Inventory System aka OSWA-INV through 2020-08-10 allows remote attackers to change the admin's password after an authenticated admin visits a third-party site...
Warehouse Inventory System 1.0 - Cross-Site Request Forgery (Change Admin Password) Exploit
Exploit for php platform in category web applications Exploit Title: Warehouse Inventory System 1.0 - Cross-Site Request Forgery Change Admin Password Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Vendor Homepage: https://oswapp.com Software Link:...
Warehouse Inventory System 1.0 Cross Site Request Forgery
Exploit Title: Warehouse Inventory System - Cross-Site Request Forgery CSRF - Change Admin Password Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: August 9th, 2020 Vendor Homepage: https://oswapp.com Software Link:...
phpIPAM < 1.4.2 XSS Vulnerability
phpIPAM is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpipam:phpipam";...
Microweber Code Issue Vulnerability
Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A code issue vulnerability exists in admin/view:modules/loadmodule:usersedit-user=1 in...
CVE-2020-13241
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/loadmodule:usersedit-user=1 does not verify that the file extension used with the Add Image option on the Edit User screen corresponds to an image file...
CVE-2020-13241
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/loadmodule:usersedit-user=1 does not verify that the file extension used with the Add Image option on the Edit User screen corresponds to an image file...
CVE-2020-13225
phpIPAM 1.4 contains a stored cross site scripting XSS vulnerability within the Edit User Instructions field of the User Instructions widget...
CVE-2020-13225
phpIPAM 1.4 contains a stored cross site scripting XSS vulnerability within the Edit User Instructions field of the User Instructions widget...
CVE-2020-13225
CVE-2020-13225 affects phpIPAM 1.4 and is a stored cross-site scripting (XSS) vulnerability in the Edit User Instructions field of the User Instructions widget. The issue arises from insufficient input validation, allowing injected scripts to be stored and potentially executed in the context of t...