235 matches found
CVE-2024-32236
An issue in CmsEasy v.7.7 and before allows a remote attacker to obtain sensitive information via the update function in the index.php component...
CmsEasy Security Vulnerability
CmsEasy is a content management system (CMS) for creating responsive websites, from China's Jiuzhou ET Technology. A security vulnerability exists in CmsEasy v.7.7 and prior versions, which originated from allowing remote attackers to obtain sensitive information via the update function in t...
CVE-2024-32236
CmsEasy CVE-2024-32236 affects CmsEasy v7.7 and earlier. The issue resides in the update function of the index.php component, enabling a remote attacker to obtain sensitive information (information disclosure). Affected versions should be updated to a version later than 7.7 to resolve the issue. ...
CVE-2024-0447
The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the artibotupdate function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with...
WordPress Plugin ArtiBot Free Chat Bot for WordPress WebSites Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-18201 · WordPress · Categorify
Name of the Vulnerable Software and Affected Versions: Categorify plugin for WordPress versions up to, and including, 1.0.7.4. Description: The issue is related to a missing capability check on the categorifyAjaxUpdateFolderPosition function, allowing authenticated attackers with subscriber-level...
PT-2024-17676 · Juanpao · Jpshop
Name of the Vulnerable Software and Affected Versions: Juanpao JPShop versions up to 1.5.02. Description: A critical issue has been found in the API component, specifically affecting the actionUpdate function of the /api/controllers/merchant/design/MaterialController.php file. The manipulation of...
CVE-2023-46004
Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the updateuser function...
PT-2023-8539 · Google · Chrome Os
Name of the Vulnerable Software and Affected Versions: Chrome OS (affected versions not specified). Description: The issue is related to a buffer overflow in the cam lrme mgr hw prepare update function of the Chrome OS operating system. Exploitation of this issue could allow an attacker to elevate...
Netmaker IDOR Allows User to Update Other User's Password
Impact: An IDOR vulnerability was found in the user update function. By specifying another user's username it is possible to update the other user's password. Patches: Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1"...
GHSA-256M-J5QW-38F4 Netmaker IDOR Allows User to Update Other User's Password
Impact: An IDOR vulnerability was found in the user update function. By specifying another user's username it is possible to update the other user's password. Patches: Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1"...
A vulnerability in the update function of NETGEAR RAX50 integrated software allows an attacker to execute arbitrary code.
The vulnerability in the update function of NETGEAR RAX50 integrated software stems from errors in the certificate validation process. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted CURL POST request...
PT-2023-7750 · Sangoma +2 · Asterisk +3
Name of the Vulnerable Software and Affected Versions: Asterisk versions 18.20.0 and prior; Asterisk versions 20.5.0 and prior; Asterisk version 21.0.0; certified-asterisk versions 18.9-cert5 and prior. Description: The issue is related to the PJSIP_HEADER dialplan function in Asterisk, where the...
WordPress Plugin Style Kits Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2023-28699
Wade Graphic Design FANTSY has a vulnerability caused by insufficient filtering of file types in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disru...
CVE-2022-47029
An issue found in Action Launcher v50.5 allows an attacker to escalate privilege via modification of the intent string to function update...
PT-2023-15138 · Unknown · Action Launcher
Name of the Vulnerable Software and Affected Versions: Action Launcher version 50.5. Description: An issue was found that allows an attacker to escalate privilege via modification of the intent string to the update function. Recommendations: For Action Launcher version 50.5, consider restricting...
Multiple XSS on update functions with module select options and search form
Description: XSS vulnerability occurs in forms that have select and search. Proof of Concept: POST /bumsys/xhr/?module=peoples&page=updateCustomer HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:109.0 Gecko/20100101 Firefox/111.0 Accept: / Accept-Language:...
CVE-2023-24655
CVE-2023-24655 affects Simple Customer Relationship Management System v1.0. A SQL injection flaw exists in the Profile Update function via the name parameter, enabling potentially arbitrary SQL execution. The CVSS 3.1 vector indicates a network attack with no user interaction and requires no priv...
CVE-2023-24655
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Profile Update function...