Privilege escalation from user with "add user" to super admin
Description: Before I created this submission, I read this report: https://huntr.dev/bounties/258cd498-7275-4b12-ac73-79c9ba3e58e4/. I was afraid that my submission would be a duplicate of that. After reading it carefully, I decided to make a report because my report is not exploiting the backup...
CVE-2023-23751
An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs...
CVE-2023-23751 [20230102] - Core - Missing ACL checks for com_actionlogs
An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs...
Cisco Identity Services Engine XML External Entity Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact the responsiveness of the...
PT-2023-19176 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 4.0.0 through 4.2.4. Description: An issue was discovered that allows non super-admin users to access com_actionlogs due to a missing ACL check. Recommendations: For Joomla! versions 4.0.0 through 4.2.4, consider restricting...
CVE-2022-47767
A backdoor in Solar-Log Gateway products allows remote access via the web panel, giving the attacker super administration privileges. This affects Solar-Log devices that use firmware versions v4.2.7 up to v5.1.1 inclusive. This does not exist in SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300,...
CVE-2022-45857
An incorrect user management vulnerability (CWE-286) in the VDOM creation component of FortiManager version 6.4.6 and below may allow an attacker to access a FortiGate without a password via newly created VDOMs after the superadmin account is deleted...
PT-2023-14784 · Fortinet · Fortigate +1
Name of the Vulnerable Software and Affected Versions: FortiManager versions 6.4.6 and below. Description: The issue is related to an incorrect user management vulnerability in the VDOM creation component. This may allow an attacker to access a FortiGate without a password via newly created VDOMs...
PT-2022-23805 · Sophos · Sophos Firewall
Name of the Vulnerable Software and Affected Versions: Sophos Firewall versions prior to 19.5 GA. Description: A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard. Recommendations: For Sophos Firewall versions prior to 19.5 GA, update to...
CVE-2022-40489
CVE-2022-40489 affects ThinkCMF v6.0.7 and represents a Cross-Site Request Forgery (CSRF) vulnerability that can let a Super Administrator be injected into administrative users. The core issue is CSRF in ThinkCMF, enabling credential injection and site takeover as described in multiple sources (R...
Simple Cold Storage Management System 1.0 SQL Injection
Simple Cold Storage Management System v1.0 by oretnom23 has a SQL injection bug. Author: QiaoRui feng. Login account: admin/admin123 (Super Admin account). Vendor: https://www.sourcecodester.com/php/15088/simple-cold-storage-management-system-using-phpoop-source-code.html. The program is built using the...
CVE-2022-36803
The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an authenticated attacker with the People role permission to use the MasterUserEdit API to modify any user's role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox...
CVE-2022-36802
The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a...
Server-side request forgery (SSRF)
The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a...
PT-2022-6447 · Fortinet · Fortiproxy +1
Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.4.11 and earlier, 7.0.0 through 7.0.8, 7.2.0 through 7.2.2; FortiProxy versions 7.0.0 through 7.0.8, 7.2.0 through 7.2.2. Description: A relative path traversal issue in the Virtual Domains (VDOM) technology of FortiOS and...
Privilege escalation from admin and normal user to super admin
Description: Lavsms provides 5 types of roles. The issue is that an admin can escalate to the super admin role for himself as well as for other unprivileged users, even those with roles lower than admin. Proof of Concept: 1. POST /users/id with custom payload via an API testing tool like Postman/Insomnia. Ste...