142 matches found
CVE-2022-30829
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\usersedit.php...
CVE-2022-28525
ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edituser=1...
Hope-Boot 安全漏洞
Hope-Boot is a modern scaffolding project by the individual developer java-aodeng. A security vulnerability exists in Hope-Boot v1.0.0, which stems from improper access control in the component /user/edit/ and could lead to bypassing authentication...
MRCMS 代码注入漏洞
MRCMS is a content management system by marker personal developer. A code injection vulnerability exists in MRCMS version 3.1.3, which originates from a cross-site scripting attack due to an incorrect manipulation of the parameter Username in the file /admin/user/edit.do...
CVE-2025-45611
Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request...
PT-2025-7552 · Unknown · Movable Type
Name of the Vulnerable Software and Affected Versions: Movable Type affected versions not specified Description: Movable Type contains a reflected cross-site scripting issue in the user information edit page. When the Multi-Factor authentication plugin is enabled and a user accesses a crafted pag...
AccPack Cop 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : AccPack Cop v1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendo...
AccPack Buzz Cop 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : AccPack Buzz Cop v1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | |...
CVE-2023-5827
A vulnerability was found in Shanghai CTI Navigation CTI Monitoring and Early Warning System 2.2. It has been classified as critical. This affects an unknown part of the file /Web/SysManage/UserEdit.aspx. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed t...
PT-2023-32359 · Shanghai Cti Navigation · Cti Monitoring/Early Warning System
Name of the Vulnerable Software and Affected Versions: Shanghai CTI Navigation CTI Monitoring and Early Warning System version 2.2 Description: A critical issue was found in the system, affecting the /Web/SysManage/UserEdit.aspx file. The manipulation of the ID argument leads to sql injection. Th...
CVE-2023-32790
Cross-Site Scripting XSS vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to inject a malicious JavaScript payload into the 'Full Name' field during a user edit, due to improper sanitization of the input parameter...
PT-2023-24024 · Nxlog · Nxlog Manager
Name of the Vulnerable Software and Affected Versions: NXLog Manager version 5.6.5633 Description: A Cross-Site Scripting XSS issue allows an attacker to inject malicious JavaScript into the Full Name field during user edit, due to improper sanitization of the input parameter. This enables the...
CVE-2023-5159 A User Manager role with user edit permissions could manage/update bots
Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots...
CVE-2023-5159 A User Manager role with user edit permissions could manage/update bots
Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots...
Sql injection
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit...
PT-2023-17073 · Sourcecodester · Sourcecodester E-Commerce System
Name of the Vulnerable Software and Affected Versions: SourceCodester E-Commerce System version 1.0 Description: A critical issue affects some unknown functionality of the file /ecommerce/admin/user/controller.php?action=edit of the component Username Handler. The manipulation of the USERID...
SourceCodester E-Commerce System 访问控制错误漏洞
Moosikay E-Commerce System is an e-commerce system by the individual developer Arvin Arandilla. An access control error vulnerability exists in SourceCodester E-Commerce System version 1.0, which stems from a security issue with an unknown function in the file...
SUSE CVE-2015-7707
Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp...
CVE-2022-46580
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the usereditpage parameter in the wificaptiveportal function...
PT-2022-27908 · Trendnet · Trendnet Tew755Ap
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW755AP version 1.13B01 Description: A stack overflow issue was discovered, related to the wifi captive portal function, specifically via the user edit page parameter. Recommendations: For TRENDnet TEW755AP version 1.13B01, consider...