57 matches found
CVE-2025-9005 mtons mblog register information exposure
A vulnerability was determined in mtons mblog up to 3.5.0. Affected is an unknown function of the file /register. The manipulation leads to information exposure through error message. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is...
CVE-2025-8342 WooCommerce OTP Login With Phone Number, OTP Verification <= 1.8.47 - Authentication Bypass
The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwpajaxregister function in all versions up to, and including, 1.8.47. This makes it possible for unauthenticated attackers to...
mblog 安全漏洞
mblog is a blogging system by the individual developer langhsu. A security vulnerability exists in mblog 3.5.0 and earlier versions, which stems from an incorrect operation of the file /register that results in the disclosure of information via an error message...
PT-2024-28879 · Unknown · Puneethreddyhc Online Shopping System
Name of the Vulnerable Software and Affected Versions: PuneethReddyHC Online Shopping system advanced version 1.0 Description: The issue allows an attacker to execute arbitrary code. An unauthenticated remote attacker can manipulate the address1 variable in the "register.php" endpoint...
CVE-2024-6425
Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route "/account/Register/" and in the parameters "UserName=&Password=&ConfirmPassword="...
PT-2024-37617 · Mesbook · Mesbook
Name of the Vulnerable Software and Affected Versions: MESbook version 20221021.03 Description: The issue allows an unauthenticated remote attacker to register user accounts without authentication. This can be done by accessing the "/account/Register/" route and providing parameters such as...
PT-2024-37611 · Sourcecodester · Sourcecodester Medicine Tracker System
Name of the Vulnerable Software and Affected Versions: SourceCodester Medicine Tracker System version 1.0 Description: A critical vulnerability has been found in the SourceCodester Medicine Tracker System. This issue affects an unknown part of the file /classes/Users.php?f=register user. The...
CVE-2024-3432
A vulnerability was found in PuneethReddyHC Event Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /backend/register.php. The manipulation of the argument eventid/fullname/email/mobile/college/branch leads to sql injection. The attack may be...
CVE-2023-33480
RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input...
BTCPay Server v1.7.4 - HTML Injection Vulnerability
Exploit Title: BTCPay Server v1.7.4 - HTML Injection Exploit Author: Manojkumar J TheWhiteEvil Vendor Homepage: https://github.com/btcpayserver/btcpayserver Software Link: https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.5 Version: clickhere 3. Click remove/delete API key, the html...
PT-2023-14951 · Unknown · Online Student Enrollment System
Name of the Vulnerable Software and Affected Versions: Online Student Enrollment System version 1.0 Description: A cross-site scripting XSS issue in the /admin/register.php component allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter...
PT-2022-27736 · Unknown · Sourcecodester Covid-19 Directory On Vaccination System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Online Covid-19 Directory on Vaccination System version 1.0 Description: A Cross site scripting XSS issue allows attackers to execute arbitrary code via the txtfullname parameter or txtphone parameter to "register.php" without...
PT-2022-20977 · Sourcecodester · Sourcecodester Loan Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Zoo Management System version 1.0 Description: The issue concerns Cross Site Scripting XSS via the "public html/register visitor?msg=" endpoint. This allows for potential malicious script injection. No information is provided...
Microweber CMS 1.2.15 - Account Takeover Vulnerability
Exploit Title: Microweber CMS 1.2.15 - Account Takeover Exploit Author: Manojkumar J Vendor Homepage: https://github.com/microweber/microweber Software Link: https://github.com/microweber/microweber/releases/tag/v1.2.15 Version: =1.2.15 Tested on: Windows10 CVE : CVE-2022-1631 Description:...
CVE-2022-25471
An Insecure Direct Object Reference IDOR vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zendmodules/public/Installer/register...
PT-2018-12490 · Phpcms · Phpcms
Name of the Vulnerable Software and Affected Versions: PHPCMS version 9.6.0 Description: The issue allows remote attackers to upload and execute arbitrary PHP code. This can be achieved by sending a .txt?.php.jpg URI in the SRC attribute of an IMG element within infocontent JSON data to the...
PT-2012-5295 · Sockso · Sockso
Name of the Vulnerable Software and Affected Versions: Sockso versions 1.5 and earlier Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the name parameter in the "user/register" endpoint. Recommendations: For Sockso versions 1.5 and...