23 matches found
CVE-2025-12773
CVE-2025-12773 is a vulnerability in the Brocade SANnav product in which the update-reports-purge-settings.sh script can write the SANnav database password to system audit logs on versions before 2.4.0a. The issue allows a remote authenticated attacker with audit-log access to retrieve ...
Brocade SANnav Security Vulnerability
Brocade SANnav is a storage area network management software developed by the American company Brocade. Versions of Brocade SANnav prior to 2.4.0a contained security vulnerabilities. These vulnerabilities stemmed from improper logging in the update-reports-purge-settings.sh script, which could le...
CVE-2023-53896
D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download device configuration settings without authentication. Attackers can exploit the /cgi-bin/ExportSettings.sh endpoint to retrieve sensitive configuration informatio...
EUVD-2023-60194
D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download device configuration settings without authentication. Attackers can exploit the /cgi-bin/ExportSettings.sh endpoint to retrieve sensitive configuration informatio...
PT-2025-46767
Name of the Vulnerable Software and Affected Versions: code-projects Responsive Hotel Site version 1.0 Description: A SQL injection issue exists in code-projects Responsive Hotel Site 1.0. The issue is located in the file /admin/usersettingdel.php. Manipulation of the eid argument can lead to SQL...
CVE-2025-7686
The weichuncaiWP伪春菜 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the sm-options.php page. This makes it possible for unauthenticated attackers to update settings and inject...
WordPress plugin Simple Page Access Restriction Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
The vulnerability of the saveSettings() function in the settings.php script of the NetAlert X intrusion notification network infrastructure allows an intruder to execute arbitrary code.
The vulnerability of the saveSettings function in the settings.php script of the NetAlert X intrusion notification network infrastructure is related to the failure to take measures to neutralize special elements used in the command due to lack of authentication. Exploiting this vulnerability can...
TOTOLINK LR350 Security Vulnerability
TOTOLINK LR350 is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK LR350 has an access control error vulnerability that originates in the /cgi-bin/ExportSettings.sh file. No details of the vulnerability are provid...
TOTOLINK N350RT Security Vulnerability
The TOTOLINK N350RT is a small home router from China's Gion Electronics TOTOLINK. The TOTOLINK N350RT has an access control error vulnerability that originates in the /cgi-bin/ExportSettings.sh file. No details of the vulnerability ar...
CVE-2024-7156
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822B20200513 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/ExportSettings.sh of the component apmib Configuration Handler. The manipulation leads to information disclosure. The attack m...
PT-2024-38118 · Totolink · Totolink A3700R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3700R version 9.1.2u.5822 B20200513 Description: A vulnerability was found in the apmib Configuration Handler component, specifically affecting some unknown functionality of the file /cgi-bin/ExportSettings.sh. This issue leads to...
PT-2024-28264 · Wavlink · Wavlink Wn551K1
Name of the Vulnerable Software and Affected Versions: Wavlink WN551K1 affected versions not specified Description: The issue allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component. Recommendations: At the moment, there is no information about a newer...
Unspecified vulnerability in TOTOLINK EX200 ExportSettings.sh file
TOTOLINK EX200 is a wireless N range extender from China Gion Electronics TOTOLINK, which is mainly used to extend the coverage of the existing Wi-Fi network and solve the problem of signal blind zones. A security vulnerability exists in the TOTOLINK EX200, which stems from improper privilege...
CVE-2022-42142
Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/updatesettings.php...
CVE-2022-32993
TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh...
TOTOLINK A7000R Security Vulnerability
TOTOLINK A7000R is a wireless router from China's Gion Electronics TOTOLINK that supports WiFi7 technology for home or small business network environments. The TOTOLINK A7000R suffers from an access control vulnerability that stems from improper access control in its /cgi-bin/ExportSettings.sh...
PT-2022-21982
Name of the Vulnerable Software and Affected Versions: Wavlink WN530HG4 version M30HG4.V5030.191116 Description: A hardcoded encryption/decryption key was found in the configuration files of the affected device, specifically at the /etc ro/lighttpd/www/cgi-bin/ExportAllSettings.sh location. This...