134 matches found
CVE-2024-50637
UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. This allows attackers to perform XSS via an SVG document, which can be used to steal cookies...
UnoPim Security Vulnerability
UnoPim is an open source Product Information Management (PIM) system based on the Laravel framework by UnoPim Open Source. A security vulnerability exists in UnoPim 0.1.3 and earlier versions, which stems from a cross-site scripting (XSS) vulnerability in the Create User function that allows an...
PT-2024-34372 · Unopim · Unopim
Name of the Vulnerable Software and Affected Versions: UnoPim versions 0.1.3 and below Description: The issue is related to Cross Site Scripting (XSS) in the Create User function, allowing attackers to perform XSS via an SVG document. This can be used to steal cookies. The vulnerability is exploite...
SourceCodester Best House Rental Management System SQL Injection Vulnerability
SourceCodester Best House Rental Management System is a house rental management system from SourceCodester. A SQL injection vulnerability exists in SourceCodester Best House Rental Management System version 1.0, which originates from the deleteuser/saveuser function in the /adminclass.php file,...
PT-2024-39189 · Sourcecodester · Sourcecodester Best House Rental Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Best House Rental Management System version 1.0 Description: A critical vulnerability has been found in the system. The issue affects the function delete user/save user of the file /admin class.php. The manipulation of the...
CVE-2024-45286
CVE-2024-45286 affects SAP Production and Revenue Accounting, specifically a function module in the obsolete Tobin interface lacking proper authorization checks. This can lead to unauthorized disclosure of highly sensitive data (confidentiality impact HIGH) with no reported impact on integrity or...
PT-2024-25196 · Sourcecodester · Sourcecodester Computer Laboratory Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Laboratory Management System version 1.0 Description: The issue is related to Cross Site Scripting (XSS) via the First Name parameter in the Create User function. This allows for potential malicious script injection...
PT-2024-25197 · Sourcecodester · Sourcecodester Computer Laboratory Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Laboratory Management System version 1.0 Description: The issue is related to Cross Site Scripting (XSS) via the Last Name parameter in the Create User function. This allows for potential malicious script injection...
PT-2024-9989 · WordPress · Vibebp
Name of the Vulnerable Software and Affected Versions: VibeBP versions 1.9.9.4.1 and earlier Description: The issue is related to an Incorrect Privilege Assignment vulnerability, which allows Privilege Escalation. This vulnerability is associated with the vibebp register user function in the...
PT-2023-32612 · Sourcecodester · Sourcecodester Loan Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Loan Management System version 1.0 Description: A critical issue has been found in the Users Page component, specifically in the delete user function of the deleteUser.php file. The manipulation of the user id argument leads to...
CVE-2023-46004
Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the updateuser function...
Design/Logic Flaw
Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the updateuser function...
CVE-2023-43331
A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
CVE-2023-37596
Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function...
PT-2023-25406 · Sourcecodester · Sourcecodester Best Pos Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Best Fee Management System version 1.0 Description: A critical issue has been found, affecting the function save user of the file admin class.php in the component Add User Handler. This leads to improper access controls, allowi...
CVE-2023-34839
A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application...
PT-2022-10458 · Unknown · Rizalafani Cms-Php
Name of the Vulnerable Software and Affected Versions: rizalafani cms-php version 1 Description: The issue is related to a SQL Injection vulnerability in the get user function located in login manager.php. This vulnerability allows for potential SQL injection attacks. Recommendations: For...
Adobe Commerce Security Vulnerability
Adobe Commerce is a leading global digital commerce solution for merchants and brands from Adobe. A security vulnerability exists in Adobe Commerce versions 2.4.4-p1 and earlier and 2.4.5 and earlier, which stems from being affected by an improper access control vulnerability that could lead to t...