90 matches found
CVE-2024-57401
SQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to execute arbitrary code via the Forgot Password function...
CVE-2024-48827
An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password function...
CVE-2024-48827
Summary: CVE-2024-48827 affects sbondCo Watcharr v1.43.0 and older. Multiple sources (NVD, Red Hat, OSV, CNNVD, CVE lists) describe a remote code execution and privilege escalation via the Change Password function. Public writeups/exploits (PacketStorm, Exploit-DB) show a reproducible RCE for Wat...
PT-2024-33245 · Sbondco · Sbondco Watcharr
Name of the Vulnerable Software and Affected Versions: sbondCo Watcharr version 1.43.0 Description: The issue allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password function. Recommendations: For sbondCo Watcharr version 1.43.0, consider disabling the...
PT-2024-38534 · WordPress · Html5 Video Player – Mp4 Video Player Plugin
Name of the Vulnerable Software and Affected Versions: The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress versions up to, and including, 2.5.34 Description: The issue is related to unauthorized modification of data due to a missing capability check on the save passwor...
CVE-2023-47435
An issue in the verifyPassword function of hexo-theme-matery v2.0.0 allows attackers to bypass authentication and access password protected pages...
CVE-2024-31759
An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function...
PT-2024-24199 · Sanluan · Publiccms
Name of the Vulnerable Software and Affected Versions: sanluan PublicCMS version 4.0.202302.e Description: An issue in the software allows an attacker to escalate privileges via the change password function. Recommendations: For sanluan PublicCMS version 4.0.202302.e, consider disabling the chang...
Design/Logic Flaw
A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request...
CVE-2024-24720
An issue was discovered in the Forgot password function in Innovaphone PBX before 14r1 devices. It provides information about whether a user exists on a system...
CVE-2024-26470
A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request...
The vulnerability of the lwp_forgot_password function in the “Login with Phone Number” plugin of the WordPress content management system allows a hacker to execute arbitrary code.
The vulnerability of the lwp_forgot_password function in the “Login with Phone Number” plugin of the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remote...
PT-2023-20892 · Atutor · Atutor
Name of the Vulnerable Software and Affected Versions: ATutor version 2.2.1 Description: A cross-site scripting (XSS) issue exists in the encrypt password function in login.tmpl.php, allowing remote attackers to inject arbitrary web script or HTML via the token parameter. Recommendations: For ATuto...
CVE-2023-24653
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the oldpass parameter under the Change Password function...
PT-2023-19726 · Unknown · Simple Customer Relationship Management System
Name of the Vulnerable Software and Affected Versions: Simple Customer Relationship Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the oldpass parameter under the Change Password function. Recommendations:...