7 matches found
CVE-2022-34621
Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the userid parameter...
CVE-2023-25760
Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows an authenticated user to modify other users' passwords via a crafted request payload...
PT-2022-22250 · Mealie · Mealie
Name of the Vulnerable Software and Affected Versions: Mealie version 1.0.0beta3. Description: The issue allows attackers to modify user passwords and other attributes via modification of the user id parameter. This is due to an Insecure Direct Object Reference (IDOR) vulnerability. Recommendations:...
CVE-2021-22773
A CWE-620: Unverified Password Change vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an attacker...
Cross-site request forgery (CSRF)
White Shark System WSS 1.3.2 is vulnerable to CSRF. Attackers can use the usereditpassword.php file to modify the user password...
Logic flaw vulnerability in ZZCMS (CNVD-2021-14557)
ZZCMS is a completely open source, PHP- and ASP-based product investment website management system, project investment website management system, and enterprise website management system. A logic flaw vulnerability exists in ZZCMS; attackers can use the vulnerability to modify the existing user...
iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 10.31.02c: http://www.idefense.com/advisory/10.31.02c.txt PHP-Nuke SQL Injection Vulnerability October 31, 2002 I. BACKGROUND "PHP-Nuke is a news automated system specially designed to be used in Intranets and Internet. The...