5 matches found
CVE-2025-27565
CVE-2025-27565 affects the Growatt Cloud Applications/Cloud portal. Multiple connected sources confirm an unauthenticated attacker can delete any user’s legitimate data by knowing the user ID and the target room ID, implying an authorization failure in manipulating user-controlled room resources....
CVE-2025-27565 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An unauthenticated attacker can delete any user's "rooms" by knowing the user's and room IDs...
Kashipara Hotel Management System Access Control Error Vulnerability (CNVD-2024-37410)
Kashipara Hotel Management System is a hotel management system from Kashipara. An access control error vulnerability exists in Kashipara Hotel Management System v1.0, which can be exploited by an unauthenticated attacker to delete valid hotel room entries in the administrator section...
CVE-2024-42768
A Cross-Site Request Forgery CSRF vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/deleteroom.php...
CVE-2009-4670
admin/delitem.php in RoomPHPlanning 1.6 does not require authentication, which allows remote attackers to 1 delete arbitrary users via the user parameter or 2 delete arbitrary rooms via the room parameter...