30 matches found
in erikdubbelboer/phpredisadmin
Description $response is a salted MD5 hash generated from the concatenation of the hashed credentials with other parameters. It has been discovered that $response is compared with $data['response'] using the loose comparison operator != in the file login.inc.php. This might cause unexpected behavior due to type...
Cross-Site Request Forgery (CSRF) in erikdubbelboer/phpredisadmin
✍️ Description The delete-key functionality in the application is vulnerable to CSRF attacks. 🕵️‍♂️ Proof of Concept history.pushState('', '', '/') 💥 Impact This vulnerability can let an attacker delete data from the database without the knowledge or interaction of the user...
in erikdubbelboer/phpredisadmin
✍️ Description It may be possible to perform a clickjacking attack due to the lack of frame restrictions: the application does not set the response header X-Frame-Options: DENY. 🕵️‍♂️ Proof of Concept 💥 Impact According to PortSwigger references, it is possible for a page controlled by an attacker...
phpRedisAdmin Cross-Site Scripting Vulnerability
phpRedisAdmin is a web administration page for managing Redis, aimed at individual developers. A cross-site scripting vulnerability exists in phpRedisAdmin versions prior to 1.13.2, which stems from the login.php username parameter allowing XSS. No detailed vulnerability details are available at this ti...
CVE-2020-27163
phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter...
Design/Logic Flaw
phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter...
CVE-2020-27163
phpRedisAdmin (web admin for Redis) is affected by CVE-2020-27163: a stored XSS vulnerability in the login.php username parameter. Versions prior to 1.13.2 are impacted. Successful exploitation could lead to user-visible XSS. Remediation: upgrade to version 1.13.2 or later. The issue is confirmed...