Vvveb Security Vulnerability
Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.1 contained security vulnerabilities. These vulnerabilities stemmed from an issue with the endpoint where administrator...
CVE-2021-21918
A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability via the ‘namefilter’ parameter. However, the high-privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery...
CVE-2024-57434
CVE-2024-57434 affects Macrozheng Mall-Tiny 1.0.1 and is caused by an Incorrect Access Control vulnerability where the project imports users by default and a test user is granted super administrator privileges. Reported with CVSS 3.1: AV=N, AC=L, PR=L, UI=N, S=U, C/H/I/A = High. Exploitation stat...
FUEL CMS Elevation of Privilege Vulnerability
FUEL CMS is a content management system based on CodeIgniter. An elevation of privilege vulnerability exists in FUEL CMS 1.4.7. The vulnerability can be exploited to gain super administrator privileges via the "id" and "fuelid" parameters...
Hefei Yilang Network Technology Co., Ltd. Website Building System Logic Flaw Vulnerability
Hefei Yilang Network Technology Co., Ltd. is a company specializing in Internet technology services, development and application. A logic flaw vulnerability exists in the website building system of Hefei Yilang Network Technology Co., Ltd. An attacker can use the vulnerability to obtain super...
Panmicro e-office Collaboration Management Platform Privilege Bypass Vulnerability
A login bypass vulnerability exists in the Panmicro e-office Collaboration Management Platform, which allows an attacker to directly log into the OA system with super administrator privileges without login credentials...
ManageEngine Password Manager Pro SQLAdvancedALSearchResult.cc SQL Injection
ManageEngine Password Manager Pro (PMP) has an authenticated blind SQL injection vulnerability in SQLAdvancedALSearchResult.cc that can be abused to escalate privileges and obtain Super Administrator access. A Super Administrator can then use his privileges to dump the whole password database in CS...