18 matches found
CVE-2024-33990
CVE-2024-33990 describes a Cross-Site Scripting (XSS) vulnerability in School Event Management System v1.0. The issue can be triggered by an authenticated user who receives a specially crafted payload via the id and view parameters in /user/index.php, allowing an attacker to partially take over...
Dolibarr ERP and CRM SQLi
Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php searchsupervisor and searchstatut parameters...
GHSA-V3M8-7H3P-6J5M Dolibarr ERP and CRM SQLi
Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php searchsupervisor and searchstatut parameters...
CVE-2021-43693
Vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php...
CVE-2021-43693
Vesta 0.9.8-24 is affected by a file inclusion vulnerability in web/add/user/index.php due to insufficient filtering and restriction on file references. This can be exploited to cause file inclusion, per CVE-2021-43693 and CNVD/CNNVD entries. The documents do not specify exploit details beyond th...
Made vesta security vulnerability
Made vesta is a Made open source application. Made vesta version 0.9.8-24 contains a file inclusion vulnerability, which stems from a lack of filtering and restriction on file references in the web/add/user/index.php file, and can be exploited by attackers to cause file inclusion...
CVE-2018-20569
The CVE-2018-20569 entry applies to the Ivan Cordoba Generic Content Management System (CMS) and concerns a SQL injection vulnerability in the file user/index.php up to 2018-04-28. The root cause is improper input handling in the authentication logic, enabling a bypass of authentication. If explo...
Sql injection
Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php searchsupervisor and searchstatut parameters...
CVE-2017-9435
Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php searchsupervisor and searchstatut parameters...
CVE-2017-9435
Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php searchsupervisor and searchstatut parameters...
CVE-2017-9435
Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php searchsupervisor and searchstatut parameters...
CVE-2016-2151
user/index.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 grants excessive authorization on the basis of the moodle/course:viewhiddenuserfields capability, which allows remote authenticated users to discover student e-mail...
CVE-2014-3991
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dolusejmobile, (2) doloptimizesmallscreen, (3) dolnomousehover, (4) dolhidetopmenu, (5) dolhideleftmenu, (6) mainmenu, or (7) leftmenu parameter to index.php; th...
TCPDB Security Bypass Vulnerability
This host is installed with TCPDB and is prone to a security bypass vulnerability. OpenVAS Vulnerability Test $Id: secpodtcpdbsecbypassvuln.nasl 5122 2017-01-27 12:16:00Z teissa $ TCPDB Security Bypass Vulnerability Authors: Nikita MR Copyright: Copyright (c) 2009 SecPod, http://www.secpod.com This...
CVE-2009-1670
user/index.php in TCPDB 3.8 does not require administrative authentication, which allows remote attackers to add admin accounts via unspecified vectors. NOTE: some of these details are obtained from third party information...
CVE-2009-1670
TCPDB 3.8 is vulnerable to a security bypass where user/index.php does not require administrative authentication, allowing remote attackers to add admin accounts via unspecified vectors. This is documented in multiple sources (NVD entry CVE-2009-1670 and OpenVAS entries) with CVSS base score 7.5 ...
CVE-2009-1670
user/index.php in TCPDB 3.8 does not require administrative authentication, which allows remote attackers to add admin accounts via unspecified vectors. NOTE: some of these details are obtained from third party information...
trixbox Dashboard user/index.php langChoice Parameter Local File Inclusion
Binary data 4577.prm...