admin 安全漏洞

admin is a chatroom software developed by z-9527 as an individual developer. Both the 1.0 and 2.0 versions of admin have security vulnerabilities. These vulnerabilities stem from incorrect operations with the parameter “isAdmin” in the file/server/routes/user.js, which may lead to the dynamic...

CVE-2026-3200

A vulnerability was identified in z-9527 admin 1.0/2.0. The affected element is the function checkName/register/login/getUser/getUsers of the file /server/controller/user.js. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might...

EUVD-2026-8744

A vulnerability was identified in z-9527 admin 1.0/2.0. The affected element is the function checkName/register/login/getUser/getUsers of the file /server/controller/user.js. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might...

CVE-2026-3200

A vulnerability was identified in z-9527 admin 1.0/2.0. The affected element is the function checkName/register/login/getUser/getUsers of the file /server/controller/user.js. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might...

CVE-2026-3200

A vulnerability was identified in z-9527 admin 1.0/2.0. The affected element is the function checkName/register/login/getUser/getUsers of the file /server/controller/user.js. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might...

CVE-2026-3200 z-9527 admin user.js getUsers sql injection

A vulnerability was identified in z-9527 admin 1.0/2.0. The affected element is the function checkName/register/login/getUser/getUsers of the file /server/controller/user.js. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might...

admin SQL注入漏洞

Admin is a chatroom software developed by Z-9527 as an individual developer. Versions 1.0 and 2.0 of Admin have SQL injection vulnerabilities. These vulnerabilities stem from incorrect operations on the functions checkName/register/login/getUser/getUsers in the file/server/controller/user.js, whi...

EUVD-2025-9488

Malicious code in bioql PyPI...

CVE-2025-29036

An issue in hackathon-starter v.8.1.0 allows a remote attacker to escalate privileges via the user.js component...

CVE-2025-29036

An issue in hackathon-starter v.8.1.0 allows a remote attacker to escalate privileges via the user.js component...

CVE-2025-29036

An issue in hackathon-starter v.8.1.0 allows a remote attacker to escalate privileges via the user.js component...

CVE-2025-29036

CVE-2025-29036 affects hackathon-starter v8.1.0. The vulnerability is a privilege escalation via the bundled user.js component, enabling a remote attacker to elevate privileges (per the CVE description). The CVE notes a local attack vector with low to moderate overall severity (CVSS 3.1: AV L, AC...

CVE-2025-29036

An issue in hackathon-starter v.8.1.0 allows a remote attacker to escalate privileges via the user.js component...

SUSE CVE-2020-6828

A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference value...

CVE-2015-10055

A vulnerability was found in PictureThisWebServer and classified as critical. This issue affects the function router.post of the file routes/user.js. The manipulation of the argument username/password leads to sql injection. The patch is named 68b9dc346e88b494df00d88c7d058e96820e1479. It is...

Sql injection

A vulnerability was found in PictureThisWebServer and classified as critical. This issue affects the function router.post of the file routes/user.js. The manipulation of the argument username/password leads to sql injection. The patch is named 68b9dc346e88b494df00d88c7d058e96820e1479. It is...

CVE-2015-10055 PictureThisWebServer user.js router.post sql injection

A vulnerability was found in PictureThisWebServer and classified as critical. This issue affects the function router.post of the file routes/user.js. The manipulation of the argument username/password leads to sql injection. The patch is named 68b9dc346e88b494df00d88c7d058e96820e1479. It is...

CVE-2020-6828

A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference value...

CVE-2020-6828

The Mozilla Foundation Security Advisory describes this flaw as: A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to...