CVE-2026-3200

A vulnerability was identified in z-9527 admin 1.0/2.0. The affected element is the function checkName/register/login/getUser/getUsers of the file /server/controller/user.js. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might...

CVE-2026-3200 z-9527 admin user.js getUsers sql injection

A vulnerability was identified in z-9527 admin 1.0/2.0. The affected element is the function checkName/register/login/getUser/getUsers of the file /server/controller/user.js. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might...

CVE-2026-3200

CVE-2026-3200 affects the z-9527 admin 1.0/2.0 product. The vulnerability is in the server-side code, specifically the functions checkName, register, login, getUser, and getUsers in /server/controller/user.js, where improper handling leads to SQL injection. The issue can be triggered remotely and...

admin SQL注入漏洞

Admin is a chatroom software developed by Z-9527 as an individual developer. Versions 1.0 and 2.0 of Admin have SQL injection vulnerabilities. These vulnerabilities stem from incorrect operations on the functions checkName/register/login/getUser/getUsers in the file/server/controller/user.js, whi...

CVE-2024-9262

CVE-2024-9262 affects the WordPress plugin “User Meta – User Profile Builder and User management plugin” (WordPress). It describes an Insecure Direct Object Reference via getUser() caused by missing validation on a user-controlled key. The vulnerability affects all versions up to and including 3....

PT-2024-39521 · WordPress · The User Meta

Name of the Vulnerable Software and Affected Versions: The User Meta – User Profile Builder and User management plugin for WordPress versions up to, and including, 3.1 Description: The issue is related to Insecure Direct Object Reference, which can be exploited by authenticated attackers with...

CVE-2020-29168

SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System, allows attackers to gain sensitive information via the q parameter to the getuser.php endpoint...

PT-2023-11774 · Unknown · Projectworlds Online Doctor Appointment Booking System

Name of the Vulnerable Software and Affected Versions: Projectworlds Online Doctor Appointment Booking System affected versions not specified Description: The issue allows attackers to gain sensitive information via the "getuser.php" endpoint, specifically through the q parameter. This is a SQL...

VulnCheck KEV: CVE-2017-17106

Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages...

Online Doctor Appointment Booking System SQL Injection Vulnerability

Online Doctor Appointment Booking System is a web-based online appointment booking system from PHP Scripts Mall Php Scripts Mall, India. Online Doctor Appointment Booking System suffers from a SQL injection vulnerability that originates from a SQL injection vulnerability in the getuser.php...

CVE-2020-29283

An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php...

Online Doctor Appointment Booking System SQL注入漏洞

Online Doctor Appointment Booking System is a web-based online appointment booking system from PHP Scripts Mall Php Scripts Mall, India. Online Doctor Appointment Booking System suffers from a SQL injection vulnerability that originates from a SQL injection vulnerability in the getuser.php...

D-Link DCS-2530L and DCS-2670L Information Disclosure Vulnerability

The DCS-2530L and DCS-2670L are Full HD 180-degree Wi-Fi cameras from D-Link. A security vulnerability exists in cgi-bin/ddnsenc.cgi in the D-Link DCS-2530L and DCS-2670L. An attacker can exploit this vulnerability to obtain the administrator password via the /config/getuser endpoint...

CVE-2020-25078

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure...

BSA Radar 1.6.7234.24750 Cross Site Request Forgery

Exploit title: BSA Radar 1.6.7234.24750 - Cross-Site Request Forgery Change Password Exploit Author: William Summerhill Date: 2020-06-22 Vendor Homepage:bhttps://www.globalradar.com/ Version: BSA Radar - Version 1.6.7234.24750 and lower CVE: CVE-2020-14944 Description: The Global RADAR BSA Radar...

BSA Radar 1.6.7234.24750 - Cross-Site Request Forgery (Change Password) Vulnerability

Exploit for hardware platform in category web applications Exploit title: BSA Radar 1.6.7234.24750 - Cross-Site Request Forgery Change Password Exploit Author: William Summerhill Vendor Homepage:bhttps://www.globalradar.com/ Version: BSA Radar - Version 1.6.7234.24750 and lower CVE: CVE-2020-1494...

CVE-2020-14944

Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. This can allow for manipulation and takeover of user accounts if successfully exploited. The following vulnerable functions are exposed: ChangePassword, SaveUserProfile, and GetUser...

Post-Exploitation Framework for Linux Written in Bash: Orc

Orc is a simple post-exploitation written in bash. I wrote this because I myself needed a more featureful post-exploitation toolkit for Linux. It’s part of a larger bundle of scripts and tools, but I’ll add those as I write and re-write them. It takes the form of an ENV script, so load orc into a...

Zivif PR115-204-P-RS Security Bypass Vulnerability

The Zivif PR115-204-P-RS is a webcam device. A security bypass vulnerability exists in the Zivif PR115-204-P-RS version 2.3.4.2103, which stems from the program's failure to perform sufficient authentication checks on requests sent to a CGI page. A remote attacker can exploit the vulnerability by...

CVE-2017-17106

Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages...