WBCE CMS Privilege Escalation / Insecure Direct Object Reference
WBCE CMS versions prior to 1.6.4 suffer from insecure direct object reference and privilege escalation vulnerabilities. CVE-2025-65094: WBCE CMS is Vulnerable to Privilege Escalation via Group ID Manipulation IDOR Overview | Field | Details | |---|---| | CVE ID | CVE-2025-65094 | | Severity | HI...
Exploit for Improper Authorization in Wbce Wbce_Cms
CVE-2025-65094: WBCE CMS is Vulnerable to Privilege Escalation...
CVE-2025-65094 WBCE CMS is Vulnerable to Privilege Escalation via Group ID Manipulation (IDOR)
WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups parameter in the /admin/users/save.php request. The UI restricts users to assigning only their existing group, bu...
CVE-2025-65094
CVE-2025-65094 affects WBCE CMS prior to 1.6.4. A low-privileged user can escalate to Administrators by manipulating the groups[] parameter in the /admin/users/save.php request. UI prevents selection of other groups, but server-side validation is missing, allowing overwriting of group membership ...
EUVD-2006-3753
Malware in sbrugna...
EUVD-2024-53116
Malicious code in bioql PyPI...
CVE-2025-9263
A vulnerability has been found in Xuxueli xxl-job up to 3.1.1. Affected by this vulnerability is the function getJobsByGroup of the file /src/main/java/com/xxl/job/admin/controller/JobLogController.java. Such manipulation of the argument jobGroup leads to improper control of resource identifiers...
CVE-2024-56335
Vaultwarden (unofficial Bitwarden server in Rust) is affected by CVE-2024-56335 when ORG_GROUPS_ENABLED is enabled. An account with admin/owner rights in an unrelated organization, who also has a user account on the server, can update or delete groups in a target organization if they know the tar...
ADB Broadband Gateways / Routers - Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Privilege escalation via linux group manipulation product: All ADB Broadband Gateways / Routers based on Epicentro platform vulnerable version: Hardware: ADB P.RG AV4202N...
ADB Broadband Gateways Routers - Privilege Escalation
ADB Broadband Gateways Routers - Privilege Escalation SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Privilege escalation via linux group manipulation product: All ADB Broadband Gateways / Routers based on Epicentro...
CVE-2017-1539
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attacker might gain privileged access. IBM X-Force ID: 130807...
Fiyo CMS 2.0.6.1 Privilege Escalation Vulnerability
Fiyo CMS version 2.0.6.1 suffers from a privilege escalation vulnerability due to poor design with trusting the client to tell the server a user's role. Exploit Title: Privilege Escalation Manipulation of User Group Vulnerability on Fiyo CMS 2.0.6.1 Google Dork: no Date: 11-03-2017 Exploit Author...
Fiyo CMS 2.0.6.1 Privilege Escalation
Exploit Title: Privilege Escalation Manipulation of User Group Vulnerability on Fiyo CMS 2.0.6.1 Google Dork: no Date: 11-03-2017 Exploit Author: @runggareksya, @dvnrcy Vendor Homepage: http://www.fiyo.org Software Link: https://sourceforge.net/projects/fiyo-cms Version: 2.0.6.1 Tested on: Window...
Fiyo CMS 2.0.6.1 - Privilege Escalation
Exploit Title: Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter Google Dork: no Date: 11-03-2017 Exploit Author: @runggareksya, @dvnrcy Vendor Homepage: http://www.fiyo.org Software Link: https://sourceforge.net/projects/fiyo-cms Version: 2.0.6....
Concrete CMS: No csrf protection on index.php/ccm/system/user/add_group, index.php/ccm/system/user/remove_group
crayons There is no CSRF protection on index.php/ccm/system/user/add_group and index.php/ccm/system/user/remove_group. A malicious POST request can be constructed to add or remove group membership from arbitrary users, if a logged-in admin surfs to a compromised site. For example, a registered use...
Buddypress <= 1.9.1 - Crafted bp_new_group_id Cookie Arbitrary Group Manipulation
The BuddyPress WordPress plugin was affected by a Crafted bp_new_group_id Cookie Arbitrary Group Manipulation security vulnerability...
CVE-2006-3759
Unspecified vulnerability in MyBB aka MyBulletinBoard 1.1.4 has unspecified impact and attack vectors related to "user group manipulation."...
CVE-2006-3759
Technical details, affected product versions, root cause, and exploitation specifics are not provided in the supplied documents. Monitor for updates from NVD/CVE listings for CVE-2006-3759.