4 matches found
Unauthorized Account Creation
melis-core is vulnerable to Unauthorized Account Creation. The vulnerability is due to missing authentication on the /melis/MelisCore/ToolUser/addNewUser endpoint, where an unauthenticated attacker can directly invoke this function to create a new administrator account and gain full control of th...
CVE-2023-46584
SQL Injection vulnerability in PHPGurukul Nipah virus NiV " Testing Management System v.1.0 allows a remote attacker to escalate privileges via a crafted request to the new-user-testing.php endpoint...
Nipah virus Testing Management System SQL Injection Vulnerability
Nipah virus Testing Management System is an online virus diagnostic platform. A security vulnerability exists in version v.1.0 of the PHPGurukul Nipah Virus Testing Management System, which stems from the presence of a SQL injection vulnerability that allows remote attackers to escalate privilege...
CVE-2018-19598
Statamic 2.10.3 allows XSS via First Name or Last Name to the /users URI in an 'Add new user' request...