Lucene search
K

39 matches found

NVD
NVD
added 2025/02/12 2:15 p.m.12 views

CVE-2025-26376

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to modify user data via crafted HTTP requests...

6.5CVSS0.00315EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/12 1:30 p.m.5 views

CVE-2025-26376

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to modify user data via crafted HTTP requests...

6.5CVSS6.4AI score0.00315EPSS
Exploits0References1
CVE
CVE
added 2025/02/12 1:30 p.m.71 views

CVE-2025-26376

CVE-2025-26376 concerns Q-Free MaxTime

6.5CVSS6.4AI score0.00315EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/02/12 1:30 p.m.14 views

CVE-2025-26376

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to modify user data via crafted HTTP requests...

6.5CVSS0.00315EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/13 12:0 a.m.19 views

CVE-2024-46310

Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via exposed API endpoint...

7.2AI score0.02393EPSS
Exploits3References2
Prion
Prion
added 2024/01/19 10:15 p.m.19 views

Hardcoded credentials

Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines...

6.4CVSS7.2AI score0.00646EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/15 9:30 p.m.14 views

Magento Open Source allows Incorrect Authorization

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user...

4.3CVSS6.7AI score0.00585EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2023/06/15 9:30 p.m.7 views

GHSA-F989-3FP9-Q3R2 Magento Open Source allows Incorrect Authorization

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user...

6.9CVSS4.2AI score0.00585EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/06/15 12:0 a.m.9 views

CVE-2023-29288 Adobe Commerce | Incorrect Authorization (CWE-863)

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user...

4.3CVSS6.7AI score0.00585EPSS
Exploits0References1
OSV
OSV
added 2022/08/19 1:21 p.m.15 views

CVE-2022-34621

Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference IDOR vulnerability which allows attackers to modify user passwords and other attributes via modification of the userid parameter...

9.8CVSS9.5AI score0.01106EPSS
Exploits0References7
CNVD
CNVD
added 2020/11/15 12:0 a.m.1 views

SQL Injection Vulnerability in Shield Spirit Voting Voter System for Front-end User Modification Data

Shield Spirit Voting Powder Sucking System can be applied to the public number, through the WeChat public number of the message interface to collect the user to send the vote number of the data to reach the vote, with anti-brush voting voting function, but also efficiently suck the live powder...

7.6AI score
Exploits0
CNVD
CNVD
added 2018/12/03 12:0 a.m.2 views

Parallel Override Vulnerability in SDCMS v1.6

SDCMS era website information management system is a product of Suzhou Fireworks Network Technology Co., Ltd. to asp + access for the development of the portal system. SDCMS v1.6 has a parallel override vulnerability. Attackers can use the vulnerability to illegally modify the user release...

6.7AI score
Exploits0
exploitpack
exploitpack
added 2018/08/07 12:0 a.m.14 views

Monstra-Dev 3.0.4 - Cross-Site Request Forgery (Account Hijacking)

Monstra-Dev 3.0.4 - Cross-Site Request Forgery Account Hijacking Exploit Title: Monstra-Dev 3.0.4 - Cross-Site Request ForgeryAccount Hijacking Date: 2018-08-04 Exploit Author: Nainsi Gupta Vendor Homepage: http://monstra.org/ Product Name: Monstra-dev Version: 3.0.4 Tested on: Windows 10...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2018/08/02 12:0 a.m.37 views

WityCMS 0.6.2 Cross Site Request Forgery

...

0.5AI score0.02513EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/08/02 12:0 a.m.32 views

WityCMS 0.6.2 - Cross-Site Request Forgery (Password Change)

input t...

8.8CVSS8.8AI score0.02513EPSS
Exploits5
Cvelist
Cvelist
added 2018/02/02 2:0 p.m.22 views

CVE-2017-18042

The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery CSRF vulnerability...

8.7AI score0.00673EPSS
Exploits0References2
seebug.org
seebug.org
added 2015/05/04 12:0 a.m.21 views

KPPW最新版SQL注入漏洞,修补不严

简要描述: KPPW最新版SQL注入漏洞,修补不严 详细说明: 1.看了http://wooyun.org/bugs/wooyun-2010-086216。这篇帖子,正巧也在审计KPPW,也就去看了用一下最新版对于爆出问题的修补方式。最新版为了防止该漏洞,添加了一个验证。 if$gUserInfo'uid' != $pk'uid' kekezu::showmsg'无权操作',NULL,NULL,NULL,'error'; return false; 2.$gUserInfo'uid'是用户id,是我们不可控的。所以这里不能再用xfkxfk大牛的方法构造uid了。那么我们再看一下save函...

7AI score
Exploits0
seebug.org
seebug.org
added 2014/11/27 12:0 a.m.33 views

Kesion ICMS智能建站系统多处权限绕过,可修改任意用户密码

简要描述: Kesion ICMS2.5智能建站系统存在多处权限绕过 详细说明: Kesion ICMS智能建站系统多处权限绕过,修改任意用户资料,并可修改任意用户密码。 漏洞证明: 系统官网:http://www.kesion.com/ 系统演示站点:http://i.kesion.com/ 为了演示漏洞,注册了用户名为test1和test2的两个用户。 漏洞一、修改任意用户基本资料: 1、登录test1用户--》会员中心--》修改我的资料。 2、使用代理拦截请求,修改cookie中的username字段为被攻击的用户名: 3、登录被攻击用户,用户资料被修改 漏洞二、修改任意用户绑定手...

7.1AI score
Exploits0
OSV
OSV
added 2009/11/25 10:0 p.m.2 views

DEBIAN-CVE-2009-4076

Cross-site request forgery CSRF vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077...

6.8CVSS6.7AI score0.01342EPSS
Exploits0References1
Rows per page
Query Builder