15 matches found
CVE-2023-4851
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be...
CVE-2024-2285
A vulnerability, which was classified as problematic, has been found in boyiddha Automated-Mess-Management-System 1.0. Affected by this issue is some unknown functionality of the file /member/memberedit.php. The manipulation of the argument name leads to cross site scripting. The attack may be...
EUVD-2019-3053
Malware in sbrugna...
CVE-2022-44140
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component...
WordPress WP eMember plugin < 10.6.7 - Reflected XSS via Member Edit vulnerability
Reflected XSS via Member Edit vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions 10.6.7...
GHSA-XPFF-C35G-J3CR silverstripe/framework Privilege Escalation Risk in Member Edit form
A member with the permission EDITPERMISSIONS and access to the "Security" section is able to re-assign themselves or another member to ADMIN level. CMS Fields for the member are constructed using DirectGroups instead of Groups relation which results in bypassing security logic preventing privileg...
silverstripe/framework Privilege Escalation Risk in Member Edit form
A member with the permission EDITPERMISSIONS and access to the "Security" section is able to re-assign themselves or another member to ADMIN level. CMS Fields for the member are constructed using DirectGroups instead of Groups relation which results in bypassing security logic preventing privileg...
CVE-2024-2285
A vulnerability, which was classified as problematic, has been found in boyiddha Automated-Mess-Management-System 1.0. Affected by this issue is some unknown functionality of the file /member/memberedit.php. The manipulation of the argument name leads to cross site scripting. The attack may be...
PT-2024-19584 · Unknown · Boyiddha Automated-Mess-Management-System
Name of the Vulnerable Software and Affected Versions: boyiddha Automated-Mess-Management-System version 1.0 Description: A problematic issue has been found in the software, affecting some unknown functionality of the file /member/member edit.php. The manipulation of the name argument leads to...
CVE-2023-4851
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may...
JIZHICMS SQL Injection Vulnerability
JIZHICMS (Extreme CMS) is an open source content management system (CMS) from China's Extreme Networks Technology Company. A SQL injection vulnerability exists in JIZHICMS v2.3.3, which can be exploited by attackers to perform SQL injection via the /Member/memberedit.html...
PT-2022-27121 · Jizhicms · Jizhicms
Name of the Vulnerable Software and Affected Versions: Jizhicms version 2.3.3 Description: A SQL injection issue was found in the /Member/memberedit.html component. This allows for potential exploitation via SQL injection attacks. Recommendations: For Jizhicms version 2.3.3, consider restricting...
CVE-2019-11375
Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI...
SS-2018-001: Privilege Escalation Risk in Member Edit form
More info at https://www.silverstripe.org/download/security-releases/ss-2018-001/...
DedeCMS system has arbitrary file deletion vulnerability
DedeCms (the "Weaving Dream" content management system) is an open source PHP website management system. An arbitrary file deletion vulnerability exists in the \member\editface.php file of the DedeCMS system. An attacker can exploit the vulnerability to delete arbitrary files...