11 matches found
Admidio 安全漏洞
Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there were security vulnerabilities. These vulnerabilities stemmed fr...
GHSA-XQV4-XM7H-52CV Admidio's Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items
Summary The Admidio inventory module enforces authorization for destructive operations delete, retire, reinstate only in the UI layer by conditionally rendering buttons. The backend POST handlers at modules/inventory.php for itemdelete, itemretire, itemreinstate, itempictureupload, itempicturesav...
WordPress plugin cms-fuer-motorrad-werkstaetten 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...
CVE-2025-53108
HomeBox is a home inventory and organization system. Prior to 0.20.1, HomeBox contains a missing authorization check in the API endpoints responsible for updating and deleting inventory item attachments. This flaw allows authenticated users to perform unauthorized actions on inventory item...
BigProf Online Invoicing System Cross-Site Scripting Vulnerability
BigProf Online Invoicing System OIS is an online invoicing system. A cross-site scripting vulnerability exists in BigProf Online Invoicing System version 3.2, which stems from a cross-site scripting vulnerability in the FirstRecord parameter of /inventory/itemsview.php...
PT-2023-32662 · Unknown · Bigprof Online Invoicing System
Name of the Vulnerable Software and Affected Versions: BigProf Online Invoicing System version 2.6 Description: A vulnerability has been discovered in the system, which does not sufficiently encode user-controlled input, resulting in persistent XSS through the "/inventory/items view.php" API...
CVE-2023-2842
The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack...
Cross site request forgery (csrf)
The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack...
CVE-2023-2842 WP Inventory Manager < 2.1.0.14 - Inventory Items Deletion via CSRF
The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack...
CVE-2023-2842 WP Inventory Manager < 2.1.0.14 - Inventory Items Deletion via CSRF
The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack...
WordPress plugin WP Inventory Manager 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...