CVE-2026-46721 Broken Access Control in extension "Frontend User Registration" (sf_register)

The create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker can assign an arbitrary frontend user group to a newly registered or edited account, gaining unauthorized access to...

CVE-2023-27310

A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.2. The client query handler of the affected application fails to check for proper permissions when assigning groups to user accounts. This could allow an authenticated remote attacker to assign administrative groups to...

Core Remote Elevation of Privilege Vulnerability

Joomla! is a PHP-based open source content management system CMS. Can be used to build commercial Web sites , personal blogs , information management systems , Web services , etc. , but also for secondary development to expand the scope of use . A remote elevation of privilege vulnerability exist...

CVE-2002-0096

The installation of Geeklog 1.3 creates an extra groupassignments record which is not properly deleted, which causes the first newly created user to be added to the GroupAdmin and UserAdmin groups, which could provide that user with administrative privileges that were not intended...