19 matches found
Checkmate authorization issue vulnerability
Checkmate is an open-source, self-hosted tool developed by BlueWave. It aims to provide visually appealing real-time tracking and monitoring of server hardware, uptime, response times, and events. Checkmate versions 3.5.1 and earlier have a licensing issue vulnerability. This vulnerability stems...
EUVD-2018-7745
Malware in sbrugna...
EUVD-2022-34622
Malicious code in bioql PyPI...
CVE-2022-2354
The WP-DBManager WordPress plugin before 2.80.8 does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should...
WordPress Google Places Reviews plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2022-1772
The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing th...
CVE-2022-1772 Google Places Review < 2.0.0 - Admin+ Stored Cross Site Scripting
The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing th...
Wenzhou Huyi Information Technology Co., Ltd. has a logic flaw vulnerability in BossCMS
BossCMS is a content management system developed by Wenzhou Huyin Information Technology Co., Ltd. based on a self-developed PHP framework and MySQL architecture. BossCMS has a logic flaw vulnerability, which can be exploited by attackers to elevate ordinary administrators to super administrators...
SmartAgent Security Vulnerabilities
A security vulnerability exists in SmartAgent 3.1.0 that can be exploited by an attacker to create Super Administrators via //CampaignManager/users...
Design/Logic Flaw
An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrators GroupID directly...
CVE-2018-15888
An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrators GroupID directly...
CVE-2018-15888
CVE-2018-15888 affects ASPCMS 2.5.6. In /member/reg.asp, the addUser function allows registering ordinary users with the super administrator GroupID, enabling privilege elevation. The available connected sources confirm the vulnerability pattern but do not provide a concrete exploit, affected ver...
CVE-2016-9268
Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with a zip extension, and then accessing it via unspecified...
CVE-2008-3868
Cross-site request forgery (CSRF) vulnerability in Interact 2.4.1 allows remote attackers to hijack the authentication of super administrators for requests that create super administrator accounts...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in Interact 2.4.1 allows remote attackers to hijack the authentication of super administrators for requests that create super administrator accounts...
CVE-2008-3868
Concretely, CVE-2008-3868 affects Interact 2.4.1 and is a CSRF vulnerability that can allow remote attackers to hijack a super administrator’s session to perform actions that create new super administrator accounts. The root cause is forged HTTP requests that are executed in the context of an aut...