26 matches found

EUVD
added 2026/04/12 3:30 p.m., 0 views

EUVD-2018-21768

Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user...

CVSS 7.1, AI score 5.9, EPSS 0.00033
Exploits: 0, References: 3
CVE
added 2026/04/12 12:28 p.m., 3 views

CVE-2018-25257

CVE-2018-25257 – Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability. An authenticated user can inject SQL code via the name field in SystemProfileForm's profile edit endpoint to manipulate queries, potentially modifying user credentials and gaining administrative access. Af...

CVSS 7.1, AI score 5.9, EPSS 0.00033
Exploits: 0, References: 2
Cvelist
added 2026/04/12 12:28 p.m., 24 views

CVE-2018-25257 Adianti Framework 5.5.0 and 5.6.0 SQL Injection via Profile

Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user...

CVSS 7.1, EPSS 0.00033
Exploits: 0, References: 2
ATTACKERKB
added 2026/04/12 12:28 p.m., 2 views

CVE-2018-25257

Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user...

CVSS 7.1, AI score 5.9, EPSS 0.00033
Exploits: 0, References: 2, Affected Software: 1
RedhatCVE
added 2025/10/31 10:7 p.m., 1 views

CVE-2024-14009

Nagios XI versions prior to 2024R1.0.1 contain a privilege escalation vulnerability in the System Profile component. The System Profile feature is an administrative diagnostic/configuration capability. Due to improper access controls and unsafe handling of exported/imported profile data and...

CVSS 9.4, AI score 7.1, EPSS 0.00172
Exploits: 0, References: 1
EUVD
added 2025/10/31 12:30 a.m., 5 views

EUVD-2024-55051

Nagios XI versions prior to 2024R1.0.1 contain a privilege escalation vulnerability in the System Profile component. The System Profile feature is an administrative diagnostic/configuration capability. Due to improper access controls and unsafe handling of exported/imported profile data and...

CVSS 9.4, AI score 6.7, EPSS 0.00172
Exploits: 0, References: 4
NVD
added 2025/10/30 10:15 p.m., 7 views

CVE-2024-14009

Nagios XI versions prior to 2024R1.0.1 contain a privilege escalation vulnerability in the System Profile component. The System Profile feature is an administrative diagnostic/configuration capability. Due to improper access controls and unsafe handling of exported/imported profile data and...

CVSS 9.4, EPSS 0.00172
Exploits: 0, References: 3
OSV
added 2025/10/30 10:15 p.m., 0 views

CVE-2024-14009

Nagios XI versions prior to 2024R1.0.1 contain a privilege escalation vulnerability in the System Profile component. The System Profile feature is an administrative diagnostic/configuration capability. Due to improper access controls and unsafe handling of exported/imported profile data and...

CVSS 7.2, AI score 5.9
Exploits: 0, References: 3
Cvelist
added 2025/10/30 9:41 p.m., 4 views

CVE-2024-14009 Nagios XI < 2024R1.0.1 Privilege Escalation via System Profile

Nagios XI versions prior to 2024R1.0.1 contain a privilege escalation vulnerability in the System Profile component. The System Profile feature is an administrative diagnostic/configuration capability. Due to improper access controls and unsafe handling of exported/imported profile data and...

CVSS 9.4, EPSS 0.00172
Exploits: 0, References: 3
CVE
added 2025/10/30 9:41 p.m., 5 views

CVE-2024-14009

Nagios XI prior to 2024R1.0.1 has a privilege escalation in the System Profile component. The issue stems from improper access controls and unsafe handling of exported/imported profile data, allowing an authenticated administrator to perform actions on the XI host outside the application’s securi...

CVSS 9.4, AI score 6.8, EPSS 0.00172
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2025/10/30 9:41 p.m., 2 views

CVE-2024-14009 Nagios XI < 2024R1.0.1 Privilege Escalation via System Profile

Nagios XI versions prior to 2024R1.0.1 contain a privilege escalation vulnerability in the System Profile component. The System Profile feature is an administrative diagnostic/configuration capability. Due to improper access controls and unsafe handling of exported/imported profile data and...

CVSS 9.4, AI score 6.8, EPSS 0.00172
Exploits: 0, References: 3
CNNVD
added 2025/10/30 12:0 a.m., 1 views

Nagios XI security vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 2024R1.0.1, which stems from improper acces...

CVSS 9.4, AI score 6.7, EPSS 0.00172
Exploits: 0, References: 3
Positive Technologies
added 2025/10/30 12:0 a.m., 2 views

PT-2025-44507

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2024R1.0.1. Description: Nagios XI versions prior to 2024R1.0.1 have a privilege escalation issue within the System Profile component. This component is an administrative diagnostic and configuration capability...

CVSS 9.4, AI score 7, EPSS 0.00172
Exploits: 0, References: 5
Vulnrichment
added 2025/05/23 12:0 a.m., 5 views

CVE-2024-51360

An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file...

AI score 8.2, EPSS 0.039
Exploits: 1, References: 1
CNVD
added 2024/12/30 12:0 a.m., 1 views

Maid Hiring Management System profile.php file cross-site scripting vulnerability

Maid Hiring Management System is a maid hiring management system. Maid Hiring Management System suffers from a cross-site scripting vulnerability in the file /admin/profile.php that stems from a lack of adequate validation and filtering of the input of the name parameter. No details of the...

CVSS 6.1, AI score 3.9, EPSS 0.00097
Exploits: 0, References: 1
0day.today
added 2020/03/10 12:0 a.m., 112 views

Nagios XI - Authenticated Remote Command Execution Exploit

This Metasploit module exploits a vulnerability in Nagios XI versions before 5.6.6 in order to execute arbitrary commands as root. The module uploads a malicious plugin to the Nagios XI server and then executes this plugin by issuing an HTTP GET request to download a system profile from the serve...

AI score 9.3, EPSS 0.86916
Exploits: 13
Metasploit
added 2020/02/27 3:8 p.m., 14 views

Nagios XI Authenticated Remote Command Execution

This module exploits a vulnerability in Nagios XI before 5.6.6 in order to execute arbitrary commands as root. The module uploads a malicious plugin to the Nagios XI server and then executes this plugin by issuing an HTTP GET request to download a system profile from the server. For all supported...

AI score 7.7
Exploits: 0
CNVD
added 2019/11/09 12:0 a.m., 1 views

Unauthorized Access Vulnerability in Kaixin File System Profile 30.0

Qixing File System Profile 30.0 is a system for managing employee files, contracts, training, personnel, attendance, payroll and other information within an organization. Kaixing File System Profile 30.0 suffers from an unauthorized access vulnerability that can be exploited by attackers to view...

AI score 6.5
Exploits: 0
Prion
added 2019/09/05 5:15 p.m., 19 views

Command injection

Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a...

CVSS 9, AI score 8.8, EPSS 0.86916
Exploits: 13, References: 3, Affected Software: 1
Vulnrichment
added 2019/09/05 4:50 p.m., 14 views

CVE-2019-15949

Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a...

AI score 8.9, EPSS 0.86916
Exploits: 13, References: 3