2 matches found
CVE-2019-9958
The CVE-2019-9958 entry affects Quadbase EspressReport ES (ERES) v7.0 update 7, where a CSRF flaw in the admin panel allows remote attackers to escalate privileges or create new admin accounts by coercing an authenticated admin’s session to perform unintended requests. The vulnerability arises fr...
CVE-2009-1771
index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the 1 usersfullname, 2 usersemail, 3 usersroleid, 4 usersusername, and 5 userspassword parameters...