11 matches found
CVE-2026-11506
A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/searchstafffordeletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to t...
CVE-2026-11506 CodeAstro Leave Management System search_staff_for_deletion.php sql injection
A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/searchstafffordeletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to t...
EUVD-2023-30374
Malicious code in bioql PyPI...
CVE-2023-0761
The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Staff members, which could allow attackers to make logged in admins delete arbitrary Staff via a CSRF attack...
CVE-2023-26579
Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers...
Cross site request forgery (csrf)
The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Staff members, which could allow attackers to make logged in admins delete arbitrary Staff via a CSRF attack...
CVE-2023-0761 Clock In Portal <= 2.1 - Staff Deletion via CSRF
The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Staff members, which could allow attackers to make logged in admins delete arbitrary Staff via a CSRF attack...
CVE-2023-0761 Clock In Portal <= 2.1 - Staff Deletion via CSRF
The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Staff members, which could allow attackers to make logged in admins delete arbitrary Staff via a CSRF attack...
PT-2023-16509 · WordPress · Clock In Portal- Staff & Attendance Management
Name of the Vulnerable Software and Affected Versions: The Clock In Portal- Staff & Attendance Management WordPress plugin versions 2.1 and earlier Description: The issue is related to the lack of a CSRF check when deleting staff members, which could allow attackers to make logged-in admins delet...
Clock In Portal <= 2.1 - Staff Deletion via CSRF
The plugin does not have CSRF check when deleting Staff members, which could allow attackers to make logged in admins delete arbitrary Staff via a CSRF attack PoC Make a logged in admin open a page with the code below, this will make them delete the Staff with ID 1...
Clock In Portal <= 2.1 - Staff Deletion via CSRF
The plugin does not have CSRF check when deleting Staff members, which could allow attackers to make logged in admins delete arbitrary Staff via a CSRF attack Make a logged in admin open a page with the code below, this will make them delete the Staff with ID 1...