7 matches found
CVE-2018-19923
An issue was discovered in Sales & Company Management System SCMS through 2018-06-06. There is member/memberemail.php?action=edit CSRF...
CVE-2025-64349 ELOG user profile missing authorization
ELOG allows an authenticated user to modify another user's profile. An attacker can edit a target user's email address, then request a password reset, and take control of the target account. By default, ELOG is not configured to allow self-registration...
EUVD-2018-11595
Malware in sbrugna...
XYHCMS cross-site request forgery vulnerability
xyhcms is a completely open source CMS (content management system) that is simple, easy to use, secure, stable and free. xyhcms V3.6 has a security vulnerability that can be exploited by an attacker to edit any information about an administrator, such as name, email and password...
Automattic: IDOR when editing email leads to Account Takeover on Atavist
Summary: Hi team, I created an account on Atavist and checked my settings page. I can change my email at https://magazine.atavist.com/cms/reader/account with this request: F936117. And as you can see, there is an id parameter in the request data. It's our user ID, and it's vulnerable to IDOR. So we c...
CVE-2019-13056
An issue was discovered in CyberPanel through 1.8.4. On the user edit page, an attacker can edit the administrator's e-mail and password because of the lack of CSRF protection...
CVE-2018-19923
An issue was discovered in Sales & Company Management System SCMS through 2018-06-06. There is member/memberemail.php?action=edit CSRF...