Lucene search
K

14 matches found

EUVD
EUVD
added 2026/06/19 4:24 p.m.5 views

EUVD-2017-18999

Joomla Ultimate Property Listing 1.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the sfselectuserid parameter. Attackers can send GET requests to index.php with the option=comupl and...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 4:24 p.m.30 views

CVE-2017-20272 Joomla Ultimate Property Listing 1.0.2 SQL Injection via sf_selectuser_id

Joomla Ultimate Property Listing 1.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the sfselectuserid parameter. Attackers can send GET requests to index.php with the option=comupl and...

8.8CVSS0.00237EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/07/09 12:0 a.m.6 views

The vulnerability of the Device Admin App operating system ctrlX OS allows a perpetrator to select user account names.

The vulnerability of the Device Admin App on the ctrlX OS involves unlimited distribution of resources. Exploiting this vulnerability allows a malicious actor to select user account names by sending specially crafted HTTP requests remotely...

5.3CVSS5.5AI score0.00353EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2022/07/11 4:23 p.m.19 views

Remote Code Execution

snipe/snipe-it is vulnerable to remote code execution. The vulnerability exists in the Select User function under the People Menu component which allows an attacker with admin privileges to inject remote code to a user via maliciously crafted pdf files...

4.8CVSS6AI score0.00548EPSS
Exploits1References1Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/08 12:0 a.m.27 views

Snipe-IT 6.0.2 vulnerable to Cross-site Scripting

An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...

4.8CVSS6.3AI score0.00548EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/07/08 12:0 a.m.21 views

GHSA-XWQX-X38C-CW95 Snipe-IT 6.0.2 vulnerable to Cross-site Scripting

An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...

4.8CVSS5.5AI score0.00548EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/07/07 11:15 p.m.0 views

CVE-2022-32061

An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...

4.8CVSS5.7AI score0.00548EPSS
Exploits1References2
NVD
NVD
added 2022/07/07 11:15 p.m.13 views

CVE-2022-32061

An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...

4.8CVSS0.00548EPSS
Exploits1References1
OSV
OSV
added 2022/07/07 11:15 p.m.14 views

CVE-2022-32061

An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...

4.8CVSS5.7AI score
Exploits0References1
Prion
Prion
added 2022/07/07 11:15 p.m.13 views

Design/Logic Flaw

An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...

3.5CVSS5.6AI score0.00548EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/07/07 10:12 p.m.20 views

CVE-2022-32061

An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...

5.9AI score0.00548EPSS
Exploits1References1
CVE
CVE
added 2022/07/07 10:12 p.m.80 views

CVE-2022-32061

CVE-2022-32061 affects Snipe-IT v6.0.2: the vulnerability is an arbitrary file upload in the Select User function under the People Menu component, enabling an attacker to execute arbitrary code via a crafted file. The connected sources confirm the affected product and the basic impact but do not ...

4.8CVSS5.6AI score0.00548EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/04/25 12:0 a.m.4 views

PT-2022-13096 · WordPress · Mycred

Name of the Vulnerable Software and Affected Versions: myCred WordPress plugin versions prior to 2.4.4.1 Description: The issue affects the myCred WordPress plugin, where the mycred-tools-select-user AJAX action lacks authorization, allowing any authenticated user to retrieve all email addresses...

4.3CVSS4.4AI score0.00752EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2019/07/04 12:0 a.m.2 views

The vulnerability of the BARS.Web-Sudy platform, related to deficiencies in the authentication mechanism, allows a hacker to select user account names.

The vulnerability of the BARS.Web-Sudy platform is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to select user accounts using specially crafted POST requests...

3.7CVSS5.5AI score
Exploits0Affected Software1
Rows per page
Query Builder