14 matches found

Veracode
added 2026/02/21 5:7 a.m. · 4 views

Authorization Bypass

askbot is vulnerable to Authorization Bypass. The vulnerability is due to an incomplete permissions check, where an attacker authenticated with normal user permissions can modify the profile picture of other application users...

CVSS 5.3 · AI score 5.7 · EPSS 0.00011
Exploits: 1 · References: 2 · Affected Software: 1
RedhatCVE
added 2025/11/07 1:46 p.m. · 1 views

CVE-2025-57130

An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13.6.07 allows a remote, authenticated attacker to escalate their privileges. By sending a specially crafted HTTP request, a low-privilege user can access and modify the profile data of any other user,...

CVSS 8.3 · AI score 7 · EPSS 0.00195
Exploits: 0 · References: 1
RedhatCVE
added 2025/11/04 12:53 a.m. · 2 views

CVE-2025-64349

ELOG allows an authenticated user to modify another user's profile. An attacker can edit a target user's email address, then request a password reset, and take control of the target account. By default, ELOG is not configured to allow self-registration...

CVSS 8.8 · AI score 6.9 · EPSS 0.00078
Exploits: 0 · References: 1
Positive Technologies
added 2024/11/12 12:0 a.m. · 2 views

PT-2024-34522 · Snipe-It · Snipe-It

Name of the Vulnerable Software and Affected Versions: Snipe-IT version 7.0.13 build 15514

Description: The issue allows a low-privileged attacker to modify their profile name and inject a malicious payload into the Name field. When an administrator later accesses the People Management page,...

CVSS 8 · AI score 7.5 · EPSS 0.0037
Exploits: 0 · References: 5
CVE
added 2024/04/09 12:54 a.m. · 40 views

CVE-2024-27899

CVE-2024-27899 affects SAP NetWeaver AS Java, specifically the User Admin Application’s Self-Registration and profile modification function, which does not enforce proper security for the content of newly defined security answers. Root cause is a misconfiguration/weak security controls in user ma...

CVSS 8.8 · AI score 8.7 · EPSS 0.0012
Exploits: 0 · References: 2
Fortinet
added 2023/02/16 12:0 a.m. · 45 views

Protect

An improper privilege management vulnerability (CWE-269) in FortiOS & FortiProxy may allow an administrator that has access to the admin profile section System subsection Administrator Users to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands...

CVSS 2.9 · AI score 5.9 · EPSS 0.00053
Exploits: 0 · Affected Software: 2
NVD
added 2022/10/25 6:15 p.m. · 14 views

CVE-2022-36453

A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to control another extension number...

CVSS 8.8 · EPSS 0.0041
Exploits: 0 · References: 2
OSV
added 2022/10/25 6:15 p.m. · 0 views

CVE-2022-36453

A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to control another extension number...

CVSS 8.8 · AI score 5.8 · EPSS 0.0041
Exploits: 0 · References: 2
OSV
added 2022/10/25 6:15 p.m. · 2 views

CVE-2022-36454

A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to impersonate another user's name...

CVSS 6.5 · AI score 5.8 · EPSS 0.00218
Exploits: 0 · References: 2
Vulnrichment
added 2022/10/25 12:0 a.m. · 4 views

CVE-2022-36454

A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to impersonate another user's name...

AI score 6.3 · EPSS 0.00218
Exploits: 0 · References: 2
CNVD
added 2018/03/05 12:0 a.m. · 1 views

Stored Cross-Site Scripting Vulnerability at jeecms Modify Profile

jeecms is a content management system developed by Jiangxi Jinlei Technology Development Co., Ltd. that supports WeChat small programs, WeChat public numbers / service numbers, column models, cross-customization of content models, and payment and financial settlement. jeecms modified...

AI score 6.2
Exploits: 0
Cvelist
added 2014/12/12 3:0 p.m. · 23 views

CVE-2014-6408

Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image...

AI score 8.1 · EPSS 0.0163
Exploits: 0 · References: 6
Prion
added 2008/07/25 4:41 p.m. · 11 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page...

CVSS 6 · AI score 7 · EPSS 0.00397
Exploits: 0 · References: 8 · Affected Software: 2
Cvelist
added 2007/07/06 6:0 p.m. · 13 views

CVE-2007-3591

Unspecified vulnerability in Profile.php in Elite Bulletin Board before 1.0.10 allows remote attackers to modify profile information via unspecified vectors related to "a remote form," probably related to direct requests and missing authorization checks...

AI score 6.3 · EPSS 0.00465
Exploits: 0 · References: 5