38 matches found
PT-2024-27066 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: The issue is related to a Cross-Site Request Forgery CSRF that was discovered in idccms. This CSRF is accessible via the "admin/vpsCompany deal.php?mudi=del" endpoint. Recommendations: For idccms version 1.35,...
PT-2024-27067 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in idccms. The issue is related to the /admin/vpsCompany deal.php endpoint, specifically with the parameters mudi and nohrefStr. Recommendations: For idcc...
PT-2024-26540 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: The issue is related to a Cross-Site Request Forgery CSRF in the component /admin/infoWeb deal.php. The mudi, dataType, and dataTypeCN parameters are involved. This allows for unauthorized actions to be...
CVE-2024-35039
CVE-2024-35039 affects idccms version 1.35. The vulnerability is a Cross-Site Request Forgery (CSRF) that can be triggered via the endpoint admin/tplSys_deal.php?mudi=area. The available sources consistently describe a CSRF risk without detailing an exploitation method beyond the vulnerable endpo...
PT-2024-26272 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in idccms via the component "admin/banner deal.php?mudi=add". This allows for potential unauthorized actions. Recommendations: For idccms version 1.35, as...
PT-2024-26320 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in the component "/admin/homePro deal.php" with parameters mudi, dataType, and dataTypeCN. This issue allows for unauthorized requests. Recommendations: F...
PT-2024-26321 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in the component "/homePro deal.php" with parameters mudi and nohrefStr. This allows for unauthorized requests to be made. Recommendations: For idccms...
PT-2024-26290 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: The issue is related to a Cross-Site Request Forgery CSRF in the /admin/banner deal.php component. The mudi, dataType, dataTypeCN, theme, and dataID parameters are involved. This allows for unauthorized action...
PT-2024-26291 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in the component "/admin/infoType deal.php" with parameters mudi and nohrefStr. This allows for unauthorized requests. Recommendations: For idccms version...
PT-2024-25501 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in the /admin/readDeal.php component, specifically via the mudi parameter set to clearWebCache. This allows for unauthorized actions to be performed on...
CVE-2023-24261
A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request...
CVE-2023-24261
A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request...
CVE-2023-24261
A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request...
Cross site request forgery (csrf)
A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request...
CVE-2023-24261
A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request...
PT-2023-19503 · Gl.Inet · Gl-E750 Mudi
Name of the Vulnerable Software and Affected Versions: GL.iNET GL-E750 Mudi versions prior to v3.216 Description: A vulnerability in the software allows authenticated attackers to execute arbitrary code via a crafted POST request. Recommendations: For versions prior to v3.216, update to firmware...
CVE-2023-24261
GL.iNET GL-E750 Mudi devices are affected by CVE-2023-24261. The vulnerability allows an authenticated attacker to execute arbitrary code via a crafted POST request, affecting firmware prior to v3.216. The cited details indicate network-exposed, authenticated code execution with high impact on co...
PT-2023-2274 · Otcms · Otcms
Name of the Vulnerable Software and Affected Versions: OTCMS version 6.0.1 Description: A critical vulnerability was found in OTCMS, related to the absence of restrictions on file uploads. This issue affects an unknown functionality of the file sysCheckFile.php, where the mudi parameter is set to...