6 matches found
EUVD-2020-30840
Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation vulnerability in the updateUser object that allows attackers to modify user roles. Attackers can exploit the /messagebroker/amf endpoint to elevate privileges and take over user accounts by manipulating ro...
CVE-2020-36892 Eibiz i-Media Server Digital Signage 3.8.0 Unauthenticated Privilege Escalation
Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation vulnerability in the updateUser object that allows attackers to modify user roles. Attackers can exploit the /messagebroker/amf endpoint to elevate privileges and take over user accounts by manipulating ro...
CVE-2023-29058
A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions...
PT-2023-22116 Β· Xcc Β· Xcc
Name of the Vulnerable Software and Affected Versions: XCC affected versions not specified Description: A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is...
WordPress ζδ»Ά θ·¨η«θ―·ζ±δΌͺι ζΌζ΄
The WordPress plugin uListing is a directory and listing plugin based on Vue.js. The WordPress plugin uListing 2.0.5 and earlier versions are vulnerable to cross-site request forgery. An attacker could exploit the vulnerability to modify user roles...
uListing < 2.0.6 - Modify User Roles via CSRF
An Add/Edit User Roles via CSRF vulnerability was discovered in the plugin. Missing WPNonce security tokens https://codex.wordpress.org/WordPressNonces . PoC | CSRF | Add/Edit User Roles: POST /wp-admin/admin-ajax.php HTTP/2 Host: example.com Cookie: cookies User-Agent: Mozilla/5.0 Content-Type:...