229 matches found
WordPress Plugin ArtiBot Free Chat Bot for WordPress WebSites Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-18201 · WordPress · Categorify
Name of the Vulnerable Software and Affected Versions: Categorify plugin for WordPress versions up to, and including, 1.0.7.4 Description: The issue is related to a missing capability check on the categorifyAjaxUpdateFolderPosition function, allowing authenticated attackers with subscriber-level...
PT-2024-17676 · Juanpao · Jpshop
Name of the Vulnerable Software and Affected Versions: Juanpao JPShop versions up to 1.5.02 Description: A critical issue has been found in the API component, specifically affecting the actionUpdate function of the /api/controllers/merchant/design/MaterialController.php file. The manipulation of...
CVE-2023-46004
Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the updateuser function...
PT-2023-8539 · Google · Chrome Os
Name of the Vulnerable Software and Affected Versions: Chrome OS affected versions not specified Description: The issue is related to a buffer overflow in the cam lrme mgr hw prepare update function of the Chrome OS operating system. Exploitation of this issue could allow an attacker to elevate...
GHSA-256M-J5QW-38F4 Netmaker IDOR Allows User to Update Other User's Password
Impact An IDOR vulnerability was found in the user update function. By specifying another user's username it is possible to update the other user's password. Patches Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1"...
Netmaker IDOR Allows User to Update Other User's Password
Impact An IDOR vulnerability was found in the user update function. By specifying another user's username it is possible to update the other user's password. Patches Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1"...
PT-2023-7750 · Sangoma +2 · Asterisk +3
Name of the Vulnerable Software and Affected Versions: Asterisk versions 18.20.0 and prior Asterisk versions 20.5.0 and prior Asterisk version 21.0.0 certified-asterisk versions 18.9-cert5 and prior Description: The issue is related to the PJSIP HEADER dialplan function in Asterisk, where the...
WordPress Plugin Style Kits Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2023-28699
Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disru...
CVE-2022-47029
An issue found in Action Launcher v50.5 allows an attacker to escalate privilege via modification of the intent string to function update...
PT-2023-15138 · Unknown · Action Launcher
Name of the Vulnerable Software and Affected Versions: Action Launcher version 50.5 Description: An issue was found that allows an attacker to escalate privilege via modification of the intent string to the update function. Recommendations: For Action Launcher version 50.5, consider restricting...
Multiple XSS on update functions with module select options and search form
Description XSS vulnerability occurs in forms that have select and search Proof of Concept POST /bumsys/xhr/?module=peoples&page=updateCustomer HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:109.0 Gecko/20100101 Firefox/111.0 Accept: / Accept-Language:...
CVE-2023-24655
CVE-2023-24655 affects Simple Customer Relationship Management System v1.0. A SQL injection flaw exists in the Profile Update function via the name parameter, enabling potentially arbitrary SQL execution. The CVSS 3.1 vector indicates a network attack with no user interaction and requires no priv...
CVE-2023-24655
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Profile Update function...
Simple Customer Relationship Management SQL Injection Vulnerability
Simple Customer Relationship Management Simple CRM is a Simple Customer Relationship Management System by Carlo Montero Personal Developer. A security vulnerability exists in Simple Customer Relationship Management System v1.0, which originates from a SQL injection vulnerability in the company...
Simple Customer Relationship Management SQL Injection Vulnerability
Simple Customer Relationship Management Simple CRM is a Simple Customer Relationship Management System by Carlo Montero Personal Developer. A security vulnerability exists in Simple Customer Relationship Management System v1.0, which originates from a SQL injection vulnerability in the query...
Simple Customer Relationship Management SQL Injection Vulnerability
Simple Customer Relationship Management Simple CRM is a simple customer relationship management system by Carlo Montero Personal Developer. A security vulnerability exists in Simple Customer Relationship Management System v1.0, which originates from a SQL injection vulnerability in the address...
Simple Customer Relationship Management SQL Injection Vulnerability
Simple Customer Relationship Management Simple CRM is a simple customer relationship management system by Carlo Montero, a personal developer. A security vulnerability exists in Simple Customer Relationship Management System v1.0, which originates from a SQL injection vulnerability in the contact...
SQL injection
A vulnerability has been found in lmxcms 1.41 and classified as critical. Affected by this vulnerability is the function update of the file AcquisiAction.class.php. The manipulation of the argument id with the input -1 and updatexml0,concat0x7e,user,1 leads to sql injection. The attack can be...