Lucene search
+L

249 matches found

Prion
Prion
added 2024/01/02 10:15 p.m.23 views

Sql injection

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'userid' parameter after the login portal...

4.7CVSS8.6AI score0.00662EPSS
Exploits3References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/02 12:0 a.m.5 views

CVE-2020-26625

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'userid' parameter after the login portal...

5.2AI score0.00662EPSS
Exploits3References3
Cvelist
Cvelist
added 2024/01/02 12:0 a.m.32 views

CVE-2020-26625

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'userid' parameter after the login portal...

5.1AI score0.00662EPSS
Exploits3References3
Veracode
Veracode
added 2023/11/01 8:58 a.m.20 views

Information Disclosure

matrixsynapse is vulnerable to Information Disclosure. The vulnerability is caused by a missing validation check for the userid parameter used to query cached device information of remote users. This can lead to enumerating the remote users known to a homeserver...

5.3CVSS6.8AI score0.00897EPSS
Exploits0References5Affected Software3
Prion
Prion
added 2023/08/20 10:15 p.m.19 views

Sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Inventory Management System 1.0. This issue affects some unknown processing of the file app/action/editupdate.php. The manipulation of the argument userid leads to sql injection. The attack may be initiated...

6.5CVSS9.7AI score0.00649EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2023/08/06 11:15 a.m.17 views

CVE-2023-4183

A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file editupdate.php of the component Password Handler. The manipulation of the argument userid leads to improper access controls. The atta...

9.8CVSS5.9AI score0.00431EPSS
Exploits0References2
Prion
Prion
added 2023/08/06 11:15 a.m.21 views

Improper access control

A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file editupdate.php of the component Password Handler. The manipulation of the argument userid leads to improper access controls. The atta...

4CVSS9.5AI score0.00431EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/05/09 1:15 p.m.16 views

Sql injection

A vulnerability was found in SourceCodester Online Reviewer System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /reviewer/system/system/admins/manage/users/user-update.php of the component GET Parameter Handler. The manipulation of the argument...

6.5CVSS9.6AI score0.00834EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/04/07 6:15 p.m.2 views

CVE-2023-1940

A vulnerability classified as critical was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. This vulnerability affects unknown code of the file deleteuserquery.php. The manipulation of the argument userid leads to sql injection. The attack can be initiated remotely. The...

9.1CVSS6.5AI score0.00641EPSS
Exploits1References3
CNVD
CNVD
added 2023/01/14 12:0 a.m.24 views

Lead Management System SQL Injection Vulnerability (CNVD-2023-05740)

Lead management system is a lead management system developed by Mayuri K. The Lead Management System v1.0 version is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements in the userid parameter of changePassword.php. An attacker could use this...

9.8CVSS3.6AI score0.00872EPSS
Exploits1References1
NVD
NVD
added 2023/01/11 3:15 p.m.26 views

CVE-2022-47859

Lead Management System v1.0 is vulnerable to SQL Injection via the userid parameter in changePassword.php...

9.8CVSS9.8AI score0.00872EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/01/11 12:0 a.m.33 views

CVE-2022-47859

Lead Management System v1.0 is vulnerable to SQL Injection via the userid parameter in changePassword.php...

10AI score0.00872EPSS
Exploits1References2
Prion
Prion
added 2022/11/28 10:15 p.m.18 views

Design/Logic Flaw

The userid and deviceid on the Ourphoto App version 1.4.1 /device/ end-points both suffer from insecure direct object reference vulnerabilities. Other end-users userid and deviceid values can be enumerated by incrementing or decrementing id numbers. The impact of this vulnerability allows an...

5CVSS7.4AI score0.00745EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/08/19 1:21 p.m.29 views

CVE-2022-34621

Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference IDOR vulnerability which allows attackers to modify user passwords and other attributes via modification of the userid parameter...

6.7AI score0.01106EPSS
Exploits0References5
Hacker One
Hacker One
added 2022/05/30 8:44 p.m.27 views

TikTok: IDOR in family pairing API

Vulnerability description not provided...

7.1AI score
Exploits0
CVE
CVE
added 2022/04/10 9:1 p.m.77 views

CVE-2022-27960

CVE-2022-27960 affects OFCMS v1.1.4. The issue stems from insecure permissions configured in the user_id parameter within SysUserController.java, enabling an attacker to access and arbitrarily modify users’ personal information. The Network vulnerability arises from insufficient access control on...

5.5CVSS5.5AI score0.00459EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2022/04/10 12:0 a.m.2 views

中天网络科技 OFCMS 安全漏洞

Zhongtian Network Technology OFCMS is a content management system CMS developed by China Zhongtian Network Technology Company using Java language. A security vulnerability exists in OFCMS v1.1.4, which originates from an insecure privilege configured in the userid parameter in...

5.5CVSS5.8AI score0.00459EPSS
Exploits1References2
0day.today
0day.today
added 2021/09/15 12:0 a.m.198 views

Support Board 3.3.3 - Multiple SQL Injection (Unauthenticated) Vulnerability

Exploit Title: Support Board 3.3.3 - 'Multiple' SQL Injection Unauthenticated Exploit Author: John Jefferson Li Vendor Homepage: https://board.support/ Software Link: https://codecanyon.net/item/support-board-help-desk-and-chat/20359943 Version: 3.3.3 Tested on: Ubuntu 20.04.2 LTS ----- PoC 1:...

0.6AI score
Exploits0
wpexploit
wpexploit
added 2021/05/05 12:0 a.m.733 views

Simple Admin Language Change < 2.0.2 - Arbitrary User Locale Change

The plugin did not have proper capability and CSRF checks in its changeuserlocale AJAX action, and was also affected by an IDOR issue, allowing any authenticated user to change the locale of another user. v2.0.1 fixed the authorisation and IDOR but still had an incorrect CSRF logic which was fixe...

2.7AI score
Exploits0
Hacker One
Hacker One
added 2020/08/06 12:48 p.m.89 views

Zomato: Solr Injection in `user_id` parameter at :/v2/leaderboard_v2.json

@zzzhacker13 identified a Solr Injection on the userid parameter at :/v2/leaderboardv2.json. Our team analyzed internally and found that only fq=injection was possible on the Solr endpoint, hence the Solr injection was of low impact since there was no way to escalate it to exfiltrate data, one...

0.3AI score
Exploits0
Rows per page
Query Builder