16 matches found
CVE-2026-2356
CVE-2026-2356 (User Registration & Membership – WordPress) is an Insecure Direct Object Reference vulnerability affecting the plugin up to version 5.1.2. The issue arises from missing validation on a user-controlled key (member_id/register_member), enabling unauthenticated deletion of newly created u...
CVE-2026-2356 User Registration & Membership <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'register_member' function, due to missing validation on the 'member_id' user...
EUVD-2009-1275
Malware in sbrugna...
itsourcecode Gym Management System Injection Vulnerability
itsourcecode Gym Management System is an itsourcecode open source gym management system. An injection vulnerability exists in version 1.0 of itsourcecode Gym Management System, which is caused by a SQL injection due to incorrect manipulation of the memberid parameter in file/ajax.php...
Mars: IDOR to account takeover on POST to █████████ by changing member_id parameter
Website endpoint was vulnerable to account takeover by changing member ID parameter...
IP.Board <= 3.4.7 SQL Injection analysis-vulnerability warning-the black bar safety net
IPB (Invision Power Board) is a PHP forum program that is widely used abroad. Version 3.4.7 and earlier contain a SQL injection vulnerability, which this article analyzes. PoC link: http://seclists.org/fulldisclosure/2014/Nov/20 !/ usr/bin/env python Sunday,...
Gravity Board X 2.0 BETA (Public Release 3) - SQL Injection Vulnerability
No description provided by source. !/usr/bin/perl Exploit Title: Gravity Board X 2.0 BETA Public Release 3 SQL INJECTION Date: 26.02.2010 Author: Ctacok Software Link: http://www.gravityboardx.com/ Version: 2.0 BETA Public Release 3 Tested on: Windows SP 3 Code : exploit code use LWP::Simple; pri...
PBBoard - 'member_id' Validation Password Manipulation
source: https://www.securityfocus.com/bid/54916/info PBBoard is prone to multiple security vulnerabilities including: 1. Multiple SQL-injection vulnerabilities 2. A security-bypass vulnerability 3. An arbitrary file upload vulnerability Exploiting these issues could allow an attacker to carry out...
Gravity Board X 2.0 Beta (Public Release 3) - SQL Injection
Gravity Board X 2.0 Beta Public Release 3 - SQL Injection !/usr/bin/perl Exploit Title: Gravity Board X 2.0 BETA Public Release 3 SQL INJECTION Date: 26.02.2010 Author: Ctacok Software Link: http://www.gravityboardx.com/ Version: 2.0 BETA Public Release 3 Tested on: Windows SP 3 Code : exploit co...
iwiccle 1.01 - Local File Inclusion / SQL Injection
iWiccle 1.01 LFI/SQL Multiple Remote Vulnerabilities + Discovered By SirGod + http://insecurity-ro.org + http://h4cky0u.org + Download : http://www.wiccle.com/index.php?module=wiccle&show=download + Local File Inclusion - PoC's...
Sql injection
SQL injection vulnerability in index.php in Gravity Board X GBX 2.0 BETA allows remote attackers to execute arbitrary SQL commands via the memberid parameter in a viewprofile action. NOTE: the boardid issue is already covered by CVE-2008-2996.2...
Sql injection
Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the newsid parameter to viewnews.php, (2) the catid parameter to viewevents.php, or (3) the memberid parameter to videogallery.php...
CVE-2006-7116
SQL injection vulnerability in includes/functions.php in Kubix 0.7 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the memberid parameter ($id variable) to index.php...
FreeBSD : plone -- 'member_id' Parameter Portrait Manipulation Vulnerability (22c6b826-cee0-11da-8578-00123ffe8333)
Secunia reports: The vulnerability is caused due to missing security declarations in 'changeMemberPortrait' and 'deletePersonalPortrait'. This can be exploited to manipulate or delete another user's portrait via the 'member_id' parameter...
plone -- "member_id" Parameter Portrait Manipulation Vulnerability
Secunia reports: The vulnerability is caused due to missing security declarations in "changeMemberPortrait" and "deletePersonalPortrait". This can be exploited to manipulate or delete another user's portrait via the "member_id" parameter...
cnn_unsubscribe_bot.txt
CNN List Un-Subscribe bot Date: 8/22/01 Author: Jay Daniels PROBLEM: Anyone can Un-Subscribe other users from CNN's distribution list by placing a random number at the end of unsubscribe cgi URL's memberid. CAUSE: There is no confirmation request! I can't remember if there is a confirmation reque...