39 matches found
CVE-2025-44823
Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/getusers call. This is GL:NLS475...
EUVD-2025-32882
Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/getusers call. This is GL:NLS475...
CVE-2025-44823
Nagios Log Server (before 2024R1.3.2) is vulnerable: unauthenticated? No—authenticated users with access to the API can call /nagioslogserver/index.php/api/system/get_users to retrieve cleartext admin API keys. The underlying issue exposes user accounts and API keys, enabling full system compromi...
CVE-2017-1000120
ERPNextFrappe Version = 7.1.27 SQL injection vulnerability in frappe.share.getusers allows remote authenticated users to execute arbitrary SQL commands via the fields parameter...
Siemens TeleControl Server Basic SQL注入漏洞
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that originates from a SQL injection in the internal method GetUsers, which can be exploited by an attacker to bypass authorizatio...
PT-2025-41174
Name of the Vulnerable Software and Affected Versions Nagios Log Server versions prior to 2024R1.3.2 Description Nagios Log Server before version 2024R1.3.2 contains a flaw that allows authenticated users to retrieve cleartext administrative API keys. This is achieved by making a call to the...
PT-2025-12318
Name of the Vulnerable Software and Affected Versions BerriAI/litellm version main-latest Description The issue is related to improper authorization. When a user with the role internal user viewer logs into the application, they are provided with an overly privileged API key. This key allows acce...
CVE-2024-50671
Incorrect access control in Adapt Learning Adapt Authoring Tool = 0.11.3 allows attackers with Authenticated User roles to obtain email addresses via the "Get users" feature. The vulnerability occurs due to a flaw in permission verification logic, where the wildcard character in permitted URLs...
PT-2024-34387 · Adapt Learning · Adapt Learning Adapt Authoring Tool
Name of the Vulnerable Software and Affected Versions: Adapt Learning Adapt Authoring Tool versions = 0.11.3 Description: The issue is related to incorrect access control, allowing attackers with Authenticated User roles to obtain email addresses via the "Get users" feature. This occurs due to a...
Adapt Authoring Tool 安全漏洞
Adapt Authoring Tool is a free and easy-to-use eLearning authoring tool from Adapt Learning open source. A security vulnerability exists in Adapt Authoring Tool that stems from incorrect access control and allows an attacker with an authenticated user role to obtain an email address via the Get...
PT-2024-15676 · WordPress · The Awesome Support – Wordpress Helpdesk & Support Plugin
Name of the Vulnerable Software and Affected Versions: The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress versions up to, and including, 6.1.7 Description: The issue is related to unauthorized access due to a missing capability check on the wpas get users function, whi...
PT-2024-15675 · WordPress · The Awesome Support – Wordpress Helpdesk & Support Plugin
Name of the Vulnerable Software and Affected Versions: The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress versions up to, and including, 6.1.7 Description: The issue is related to a union-based SQL Injection vulnerability via the q parameter of the wpas get users actio...
WordPress Plugin Awesome Support SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
CVE-2023-2599
The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to missing nonce verification on the getusers function and insufficient escaping o...
CVE-2023-2599
The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to missing nonce verification on the getusers function and insufficient escaping o...
WordPress Plugin Active Directory Integration 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2021-15716
Name of the Vulnerable Software and Affected Versions: User Profile Picture WordPress plugin versions prior to 2.5.0 Description: The issue concerns the REST API endpoint "get users" in the User Profile Picture WordPress plugin, which returned excessive information to users with the upload files...
MantisBT SQL注入漏洞
MantisBT is a lightweight, free and open source, web-based defect tracking system. A SQL injection vulnerability exists in the "access" parameter of the mcprojectgetusers function in MantisBT 2.24.3. An attacker can exploit this vulnerability via API SOAP to conduct SQL injection attacks...
Frappe frappe.share.get_users SQL Injection Vulnerability
Frappe is a WEB application. Frappe frappe.share.getusers suffers from a SQL injection vulnerability that allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...