WWBN AVideo 跨站请求伪造漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of CSRF protection and MIME validation in the objects/userSavePhoto.php...

CVE-2026-34427

Vvveb versions prior to 1.0.8.1 contain a privilege escalation in the admin/user/save endpoint. An authenticated user can inject role_id=1 in profile save requests to elevate to Super Administrator, enabling plugin upload functionality and remote code execution. The fix is provided in 1.0.8.1 (se...

EUVD-2026-19767

MRCMS 3.1.2 contains an access control vulnerability. The save method in src/main/java/org/marker/mushroom/controller/UserController.java lacks proper authorization validation, enabling direct addition of super administrator accounts without authentication...

CVE-2025-14836

A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/usersave.php of the component User Data Storage Module. This manipulation causes cleartext storage in a file or on disk. Remote exploitation of the attack is possible. The exploit has...

CVE-2025-14836

A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/usersave.php of the component User Data Storage Module. This manipulation causes cleartext storage in a file or on disk. Remote exploitation of the attack is possible. The exploit has...

CVE-2025-14836

CVE-2025-14836 concerns ZZCMS 2025. The vulnerability affects the User Data Storage Module, specifically the file path "/reg/user_save.php". The issue enables cleartext storage of data on disk due to an unknown functionality manipulation. Remote exploitation is possible, and an exploit has been p...

CVE-2025-14836 ZZCMS User Data Storage user_save.php cleartext storage in file

A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/usersave.php of the component User Data Storage Module. This manipulation causes cleartext storage in a file or on disk. Remote exploitation of the attack is possible. The exploit has...

CVE-2025-14836 ZZCMS User Data Storage user_save.php cleartext storage in file

A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/usersave.php of the component User Data Storage Module. This manipulation causes cleartext storage in a file or on disk. Remote exploitation of the attack is possible. The exploit has...

ZZCMS 安全漏洞

ZZCMS is a content management system CMS by the ZZCMS team in China. A security vulnerability exists in ZZCMS version 2025, which stems from improper manipulation of the file /reg/usersave.php by the user data storage module, which could lead to plaintext storage...

EUVD-2011-5215

Malware in sbrugna...

tianti 安全漏洞

tianti tianti is a JAVA lightweight CMS solution by jeffry personal developer. A security vulnerability exists in tianti 2.3 and earlier versions, which originates from the function exportOrder in the file /tianti-module-admin/user/ajax/save resulting in a CSV injection that could lead to a remot...

Linux Distros Unpatched Vulnerability : CVE-2016-3169

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the...

CVE-2025-4881

A vulnerability was found in itsourcecode Restaurant Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/usersave.php. The manipulation of the argument username/name leads to sql injection. The attack may be launched remotely...

CVE-2025-3788

A vulnerability was found in baseweb JSite 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /a/sys/user/save. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has...

CVE-2025-3788 baseweb JSite save cross site scripting

A vulnerability was found in baseweb JSite 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /a/sys/user/save. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has...

Online Restaurant Management System 注入漏洞

Online Restaurant Management System is a Code-projects open source online restaurant management system. An injection vulnerability exists in Online Restaurant Management System version 1.0, which originates from improper handling of the parameter Name in the /admin/usersave.php file, which can le...

Improper access control

PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface...

GHSA-F6XP-59JQ-R35C Phachon mm-wiki Cross Site Request Forgery vulnerability

Cross Site Request Forgery vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via the system/user/save parameter...

PT-2023-11518 · Phachon · Mm-Wiki

Name of the Vulnerable Software and Affected Versions: Phachon mm-wiki version 0.1.2 Description: A Cross Site Request Forgery issue allows a remote attacker to execute arbitrary code via the system/user/save parameter. Recommendations: For Phachon mm-wiki version 0.1.2, consider restricting acce...

CVE-2022-30073

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting XSS via /admin/users/save.php...