85 matches found
CVE-2024-57401
SQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to execute arbitrary code via the Forgot Password function...
CVE-2024-57401
SQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to execute arbitrary code via the Forgot Password function...
CVE-2024-48827
An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password function...
CVE-2024-48827
Summary: CVE-2024-48827 affects sbondCo Watcharr v1.43.0 and older. Multiple sources (NVD, Red Hat, OSV, CNNVD, CVE lists) describe a remote code execution and privilege escalation via the Change Password function. Public writeups/exploits (PacketStorm, Exploit-DB) show a reproducible RCE for Wat...
CVE-2024-48827
An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password function...
PT-2024-33245 · Sbondco · Sbondco Watcharr
Name of the Vulnerable Software and Affected Versions: sbondCo Watcharr version 1.43.0 Description: The issue allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password function. Recommendations: For sbondCo Watcharr version 1.43.0, consider disabling the...
CVE-2024-48827
An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password function...
PT-2024-38534 · WordPress · Html5 Video Player – Mp4 Video Player Plugin
Name of the Vulnerable Software and Affected Versions: The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress versions up to, and including, 2.5.34 Description: The issue is related to unauthorized modification of data due to a missing capability check on the save passwor...
CVE-2023-47435
An issue in the verifyPassword function of hexo-theme-matery v2.0.0 allows attackers to bypass authentication and access password protected pages...
CVE-2024-31759
An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function...
PT-2024-24199 · Sanluan · Publiccms
Name of the Vulnerable Software and Affected Versions: sanluan PublicCMS version 4.0.202302.e Description: An issue in the software allows an attacker to escalate privileges via the change password function. Recommendations: For sanluan PublicCMS version 4.0.202302.e, consider disabling the chang...
Design/Logic Flaw
A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request...
CVE-2024-24720
An issue was discovered in the Forgot password function in Innovaphone PBX before 14r1 devices. It provides information about whether a user exists on a system...
CVE-2024-26470
A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request...
PT-2023-20892 · Atutor · Atutor
Name of the Vulnerable Software and Affected Versions: ATutor version 2.2.1 Description: A Cross-site scripting XSS issue exists in the encrypt password function in login.tmpl.php, allowing remote attackers to inject arbitrary web script or HTML via the token parameter. Recommendations: For ATuto...
CVE-2023-24653
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the oldpass parameter under the Change Password function...
PT-2023-19726 · Unknown · Simple Customer Relationship Management System
Name of the Vulnerable Software and Affected Versions: Simple Customer Relationship Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the oldpass parameter under the Change Password function. Recommendations:...
CVE-2023-24653
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the oldpass parameter under the Change Password function...
CVE-2021-34164
Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated attacker to execute arbitrary commands via the set password function in the admin/index/email location...
Weak password at demo website version 3.1.9
Description The demo website is now version 3.1.9 but still affected of weak password requirement. Proof of Concept 1. Login to the demo website with any users. 2. Use "Change password" function, set the new password is number 1. 3. It's successful, try to re-login to check it...