31 matches found
itsourcecode Web-Based Internet Laboratory SQL Injection Vulnerability
Web-Based Internet Laboratory Management System is a web laboratory software. A SQL injection vulnerability exists in Web-Based Internet Laboratory Management System, which originates from a lack of validation of externally entered SQL statements in the file /settings/controller.php. An attacker...
CVE-2025-50594
An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings/SecuritySettingsController.cs in Danphe Health Hospital Management System EMR 3.2 allowing attackers to reset any account password...
CVE-2025-50594
The CVE-2025-50594 entry relates to Danphe Health Hospital Management System EMR 3.2. A vulnerability in /Code/Websites/DanpheEMR/Controllers/Settings/SecuritySettingsController.cs allows attackers to reset any user account password, indicating a broken access control/permissions check. Reports i...
CVE-2023-41363
In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users...
CVE-2023-33409
Minical 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php...
PT-2022-12333 · Statamic · Statamic
Name of the Vulnerable Software and Affected Versions: Statamic versions through 3.2.26 Description: A Code Execution issue exists via SettingsController.php. However, the vendor indicates that there was an error in publishing this record, and all parties agree that the affected code was not used...
MISP Cross-Site Scripting Vulnerability
MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in MISP version 2.4.128. The vulnerability ste...
CVE-2020-15849
Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates method. A malicious actor with access to an administrative account could abuse this vulnerability to recover sensitive data from the application's database, allowing for...
WordPress RegistrationMagic elevation of privilege vulnerability (CNVD-2020-16636)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. RegistrationMagic is a user registration plugin used in it. A security vulnerability exists in WordPress RegistrationMagic 4.6.0.3 and...