5 matches found
CVE-2023-35937 MeterSphere missing permission check
MeterSphere is an open source continuous testing platform. In versions prior to 2.10.2 LTS, some key APIs in MeterSphere lack permission checks. This allows ordinary users to execute APIs that can only be executed by space administrators or project administrators. For example, ordinary users can ...
Vulnerability of ACE Mingyi's O&M Audit Risk Control System to overstepping of authority
DASUSM is an audit and risk control system based on the theory and practical experience of operation and maintenance security management, combined with the requirements of various laws and regulations, e.g., level protection, SOX, PCI, enterprise internal control management, hierarchical protectio...
Design/Logic Flaw
An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrator's GroupID directly...
CVE-2018-15888
An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrator's GroupID directly...
ShopEx front desk ordinary user getshell vulnerability - vulnerability warning - the black bar safety net
Use method: First: Think of a way to find the target site's absolute path http://www.test.com/install/svinfo.php?phpinfo=true http://www.test.com/core/api/shopapi.php http://www.test.com/core/api/site/2.0/apib2b20cat.php http://www.test.com/core/api/site/2.0/apib2b20goodstype.php...