CVE-2026-5542

A vulnerability was determined in code-projects Simple Laundry System 1.0. Impacted is an unknown function of the file /modstaffinfo.php of the component Parameter Handler. Executing a manipulation of the argument userid can lead to cross site scripting. The attack may be launched remotely. The...

CVE-2023-26579

Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers...

CVE-2023-26579

Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers...

Authentication flaw

Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers...

CVE-2023-26579 Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers...

CVE-2023-26579 Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers...

PT-2023-20745 · Idweb · Idweb

Name of the Vulnerable Software and Affected Versions: IDWeb application version 3.1.013 Description: The issue concerns missing authentication in the DeleteStaff method, allowing unauthenticated attackers to delete staff information. Recommendations: For version 3.1.013, ensure proper...

Shopify: Takeover an account that doesn't have a Shopify ID and more

Details The https://pos-channel.shopifycloud.com/graphql-proxy/admin can be exploited to update a staff member email without any email confirmation. Using the partner dashboard, we've the ability to create a store that doesn't have a Shopify ID account on https://accounts.shopify.com. By using...

CVE-2019-6126

The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers to bypass intended access restrictions by directly navigating to admin/dashboard.php or admin/user.php, as demonstrated by disclosure of information about users and staff...

CVE-2019-6126

The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers to bypass intended access restrictions by directly navigating to admin/dashboard.php or admin/user.php, as demonstrated by disclosure of information about users and staff...

San Diego School District Data Breach Hits 500k Students

A phishing attack against California’s San Diego Unified School District has led to hackers scooping up Social Security numbers and addresses of more than 500,000 students and staff. The district became aware of the breach Oct. 2018. The actual breach occurred between January 2001 and November...