42 matches found
CVE-2023-43154
In Macrob7 Macs Framework Content Management System CMS 1.1.4f, loose comparison in "isValidLogin" function during login attempt results in PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account...
PT-2023-28721 · Macrob7 · Macrob7 Macs Framework Content Management System
Name of the Vulnerable Software and Affected Versions: Macrob7 Macs Framework Content Management System CMS version 1.1.4f Description: The issue is related to a PHP type confusion vulnerability due to loose comparison in the isValidLogin function during a login attempt. This vulnerability can le...
CVE-2023-43154
CVE-2023-43154 affects Macrob7 Macs Framework CMS v1.1.4f. The root cause is a PHP type confusion in a loose comparison (isValidLogin()) that compares username and password with == instead of ===, allowing authentication bypass and administrator takeover. The vulnerability arises during login whe...
CVE-2023-43154
In Macrob7 Macs Framework Content Management System CMS 1.1.4f, loose comparison in "isValidLogin" function during login attempt results in PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account...
Macrob7 Macs Framework Cms Security Vulnerability
Macrob7 Macs Framework Cms is an open source Cms framework by the individual developer Macdonald Terrence Robinson. A security vulnerability exists in Macrob7 Macs Framework Cms v1.1.4f CMS, which stems from a type confusion vulnerability in the isValidLogin function. The vulnerability can be...
Macrob7 Macs Framework Cms SQL Injection Vulnerability
Macrob7 Macs Framework Cms is an open source Cms framework from the personal developer Macdonald Terrence Robinson. version 1.14 of the Macrob7 Macs Framework Content Management System is vulnerable to SQL injection, which allows attackers to SQL injection can be performed via the "roleId"...
CVE-2020-36498
Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting XSS vulnerability in the account reset function, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the e-mail input field...
CVE-2020-23047
Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting XSS vulnerability in the search input field of the search module...
CVE-2020-23045
Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the editRole and deletUser modules...
CVE-2020-23045
Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the editRole and deletUser modules...
CVE-2020-23047
Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting XSS vulnerability in the search input field of the search module...
Cross site scripting
Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting XSS vulnerability in the account reset function, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the e-mail input field...
Sql injection
Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the editRole and deletUser modules...
Cross site scripting
Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting XSS vulnerability in the search input field of the search module...
CVE-2020-23045
Macrob7 Macs Framework Content Management System, version 1.14f, is reported to contain an SQL injection vulnerability in the editRole and deletUser modules triggered by the roleId parameter. The root cause is improper handling of the roleId input leading to SQL injection. No explicit remediation...
CVE-2020-23045
Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the editRole and deletUser modules...
CVE-2020-23047
Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting XSS vulnerability in the search input field of the search module...
CVE-2020-23047
CVE-2020-23047 corresponds to a cross-site scripting (XSS) vulnerability in the Macrob7 Macs Framework Content Management System (CMS) version 1.14f, specifically in the search input field of the search module. Multiple connected sources confirm the issue and identify the affected product and ver...
CVE-2020-36498
Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting XSS vulnerability in the account reset function, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the e-mail input field...
CVE-2020-36498
The CVE-2020-36498 entry concerns Macrob7 Macs Framework Content Management System (CMS) v1.14f. A cross-site scripting (XSS) vulnerability exists in the account reset function, allowing an attacker to execute arbitrary web scripts or HTML via a crafted payload in the email input field. The issue...