8 matches found
WordPress Simple Membership plugin <= 4.7.5 - Missing Authorization to Unauthenticated Arbitrary Member Account Deactivation vulnerability
Missing Authorization to Unauthenticated Arbitrary Member Account Deactivation vulnerability discovered by Nikita Fenko - self in WordPress Plugin Simple Membership versions = 4.7.5...
EUVD-2020-23555
Malware in sbrugna...
GHSA-65P7-PJJ8-GGMR Member account takeover
Impact An error in the implementation of the member email change functionality allows unauthenticated users to change the email address of arbitrary member accounts to one they control by crafting a request to the relevant API endpoint, and validating the new address via magic link sent to the ne...
CVE-2020-35972
An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability that can add member user accounts via member/member/add.html...
WUZHI CMS Cross-Site Request Forgery Vulnerability (CNVD-2018-08547)
WUZHI CMS is China's five fingers WUZHI Internet technology company based on PHP and MySQL open source content management system CMS. A cross-site request forgery vulnerability exists in index.php?m=member&v=pwreset in WUZHI CMS version 4.1.0. A remote attacker can exploit the vulnerability to...
SQL Injection Vulnerability in YzmCMS /member/account.php Page
YzmCMS is a lightweight and open source content management system based on PHP+Mysql architecture, running on Linux, Windows, MacOSX, Solaris and other platforms. YzmCMS /member/account.php page has a SQL injection vulnerability. Because the /member/account.php page does not filter parameters, an...
方维O2O城市生活服务平台后门任意文件上传漏洞(官网演示getshell)
简要描述: 用户好像不太多,但基本都有这个后门文件 详细说明: 后门文件路径 /esfile.php 官网介绍 http://www.fanwe.com/o2o 前台演示地址:http://o2o.fanwe.net/ 会员账号:fanwe 密码:fanwe http://o2o.fanwe.net/index.php?ctl=uccenter 分享处上传图片马 F12去掉尺寸,得到图片马地址 http://o2o.fanwe.net/public/comment/201404/17/10/1acafed8eeffa043489a4321b877e36690.jpg Getshell...
IP.Gallery 4.2.x and 5.0.x Persistent XSS Vulnerability
Exploit for php platform in category web applications Exploit Title: IP.Gallery 4.2.x and 5.0.x persistent XSS vulnerability image title is vulnerable to persistent XSS vulnerability which allow any normal member to hack any administrator account or any other member account. we contacted the vend...