Lucene search
K

142 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:18 a.m.7 views

CVE-2022-30829

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\usersedit.php...

7.2CVSS8.1AI score0.00945EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:42 p.m.10 views

CVE-2022-28525

ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edituser=1...

8.8CVSS7.6AI score0.00946EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/05 12:0 a.m.3 views

Hope-Boot 安全漏洞

Hope-Boot is a modern scaffolding project by the individual developer java-aodeng. A security vulnerability exists in Hope-Boot v1.0.0, which stems from improper access control in the component /user/edit/ and could lead to bypassing authentication...

9.8CVSS6.6AI score0.00442EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/05 12:0 a.m.4 views

MRCMS 代码注入漏洞

MRCMS is a content management system by marker personal developer. A code injection vulnerability exists in MRCMS version 3.1.3, which originates from a cross-site scripting attack due to an incorrect manipulation of the parameter Username in the file /admin/user/edit.do...

5.4CVSS4.1AI score0.0026EPSS
Exploits1References5
OSV
OSV
added 2025/05/05 12:0 a.m.3 views

CVE-2025-45611

Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request...

9.8CVSS7AI score0.00442EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/02/19 12:0 a.m.4 views

PT-2025-7552 · Unknown · Movable Type

Name of the Vulnerable Software and Affected Versions: Movable Type affected versions not specified Description: Movable Type contains a reflected cross-site scripting issue in the user information edit page. When the Multi-Factor authentication plugin is enabled and a user accesses a crafted pag...

6.1CVSS6.6AI score0.00238EPSS
Exploits0References7
Packet Storm
Packet Storm
added 2024/08/02 12:0 a.m.321 views

AccPack Cop 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : AccPack Cop v1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendo...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/07/30 12:0 a.m.219 views

AccPack Buzz Cop 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : AccPack Buzz Cop v1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | |...

7.4AI score
Exploits0
OSV
OSV
added 2023/10/27 6:15 p.m.4 views

CVE-2023-5827

A vulnerability was found in Shanghai CTI Navigation CTI Monitoring and Early Warning System 2.2. It has been classified as critical. This affects an unknown part of the file /Web/SysManage/UserEdit.aspx. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed t...

9.8CVSS5.6AI score0.00684EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/10/27 12:0 a.m.3 views

PT-2023-32359 · Shanghai Cti Navigation · Cti Monitoring/Early Warning System

Name of the Vulnerable Software and Affected Versions: Shanghai CTI Navigation CTI Monitoring and Early Warning System version 2.2 Description: A critical issue was found in the system, affecting the /Web/SysManage/UserEdit.aspx file. The manipulation of the ID argument leads to sql injection. Th...

9.8CVSS6.2AI score0.00684EPSS
Exploits1References7
NVD
NVD
added 2023/10/03 1:15 p.m.23 views

CVE-2023-32790

Cross-Site Scripting XSS vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to inject a malicious JavaScript payload into the 'Full Name' field during a user edit, due to improper sanitization of the input parameter...

6.1CVSS4.9AI score0.00331EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/10/03 12:0 a.m.4 views

PT-2023-24024 · Nxlog · Nxlog Manager

Name of the Vulnerable Software and Affected Versions: NXLog Manager version 5.6.5633 Description: A Cross-Site Scripting XSS issue allows an attacker to inject malicious JavaScript into the Full Name field during user edit, due to improper sanitization of the input parameter. This enables the...

6.1CVSS6AI score0.00331EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/09/29 9:21 a.m.12 views

CVE-2023-5159 A User Manager role with user edit permissions could manage/update bots

Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots...

3.8CVSS6.7AI score0.00366EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/09/29 9:21 a.m.24 views

CVE-2023-5159 A User Manager role with user edit permissions could manage/update bots

Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots...

3.8CVSS4.5AI score0.00366EPSS
Exploits0References1
Prion
Prion
added 2023/06/14 2:15 p.m.18 views

Sql injection

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit...

7.5CVSS9.8AI score0.04228EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/22 12:0 a.m.4 views

PT-2023-17073 · Sourcecodester · Sourcecodester E-Commerce System

Name of the Vulnerable Software and Affected Versions: SourceCodester E-Commerce System version 1.0 Description: A critical issue affects some unknown functionality of the file /ecommerce/admin/user/controller.php?action=edit of the component Username Handler. The manipulation of the USERID...

9.8CVSS6.6AI score0.00457EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/03/22 12:0 a.m.5 views

SourceCodester E-Commerce System 访问控制错误漏洞

Moosikay E-Commerce System is an e-commerce system by the individual developer Arvin Arandilla. An access control error vulnerability exists in SourceCodester E-Commerce System version 1.0, which stems from a security issue with an unknown function in the file...

9.8CVSS6.8AI score0.00457EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:13 a.m.4 views

SUSE CVE-2015-7707

Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp...

6.5CVSS6.8AI score0.06029EPSS
Exploits2References3
OSV
OSV
added 2022/12/30 9:15 p.m.6 views

CVE-2022-46580

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the usereditpage parameter in the wificaptiveportal function...

9.8CVSS5.8AI score0.00873EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/12/30 12:0 a.m.8 views

PT-2022-27908 · Trendnet · Trendnet Tew755Ap

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW755AP version 1.13B01 Description: A stack overflow issue was discovered, related to the wifi captive portal function, specifically via the user edit page parameter. Recommendations: For TRENDnet TEW755AP version 1.13B01, consider...

9.8CVSS9.5AI score0.00873EPSS
Exploits1References2
Rows per page
Query Builder