14 matches found
EUVD-2017-18999
Joomla Ultimate Property Listing 1.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the sfselectuserid parameter. Attackers can send GET requests to index.php with the option=comupl and...
CVE-2017-20272 Joomla Ultimate Property Listing 1.0.2 SQL Injection via sf_selectuser_id
Joomla Ultimate Property Listing 1.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the sfselectuserid parameter. Attackers can send GET requests to index.php with the option=comupl and...
The vulnerability of the Device Admin App operating system ctrlX OS allows a perpetrator to select user account names.
The vulnerability of the Device Admin App on the ctrlX OS involves unlimited distribution of resources. Exploiting this vulnerability allows a malicious actor to select user account names by sending specially crafted HTTP requests remotely...
Remote Code Execution
snipe/snipe-it is vulnerable to remote code execution. The vulnerability exists in the Select User function under the People Menu component which allows an attacker with admin privileges to inject remote code to a user via maliciously crafted pdf files...
Snipe-IT 6.0.2 vulnerable to Cross-site Scripting
An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...
GHSA-XWQX-X38C-CW95 Snipe-IT 6.0.2 vulnerable to Cross-site Scripting
An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...
CVE-2022-32061
An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...
CVE-2022-32061
An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...
CVE-2022-32061
An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...
Design/Logic Flaw
An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...
CVE-2022-32061
An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...
CVE-2022-32061
CVE-2022-32061 affects Snipe-IT v6.0.2: the vulnerability is an arbitrary file upload in the Select User function under the People Menu component, enabling an attacker to execute arbitrary code via a crafted file. The connected sources confirm the affected product and the basic impact but do not ...
PT-2022-13096 · WordPress · Mycred
Name of the Vulnerable Software and Affected Versions: myCred WordPress plugin versions prior to 2.4.4.1 Description: The issue affects the myCred WordPress plugin, where the mycred-tools-select-user AJAX action lacks authorization, allowing any authenticated user to retrieve all email addresses...
The vulnerability of the BARS.Web-Sudy platform, related to deficiencies in the authentication mechanism, allows a hacker to select user account names.
The vulnerability of the BARS.Web-Sudy platform is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to select user accounts using specially crafted POST requests...