kvf-admin security vulnerability
kvf-admin is a rapid development framework, scaffolding, backend management system and permission system developed by the individual developer KalvinGit. Version 1.1.0 of kvf-admin contains a security vulnerability. This vulnerability stems from improper permission settings in the...
CVE-2026-7672 youlaitech youlai-boot Users Endpoint UserController.java getUserList sql injection
A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads to sql injection...
CVE-2026-0574 yeqifu warehouse Request UserController.java saveUserRole improper authorization
A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function saveUserRole of the file warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component Request Handler. This manipulation causes improper...
CVE-2025-15094
A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserController.java of the component User Login. Executing a manipulation of the argument redirectUrl ca...
jshERP security vulnerability
jshERP (Huaxia ERP) is a homegrown ERP system by the Chinese individual developer Ji Sheng Hua. A security vulnerability exists in jshERP v3.5, which stems from improper access control in the UserController.java component and could lead to elevated levels of privilege...
ASB-A-360838273
In multiple functions of UserController.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
wangmarket security vulnerability
wangmarket is a privately deployable SaaS cloud site-builder system by the Chinese individual developer xnx3. A security vulnerability exists in wangmarket versions v4.10 through v5.0, which originates from a cross-site request forgery vulnerability in the /controller/UserController.java...
CVE-2024-46610
An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java...
CVE-2024-46609
An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and return all user information, including passwords...
PT-2024-32072 · Icecms · Icecms
Name of the Vulnerable Software and Affected Versions: IceCMS versions 3.4.7 and earlier Description: The issue allows attackers to bypass authentication by entering arbitrary values as the username and password via the loginAdmin method in the UserController.java file. This enables unauthorized...
CVE-2024-46607
Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file...
CVE-2024-41601
Insecure Permissions vulnerability in lin-CMS v.0.2.0 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component...
PT-2024-29458 · Lin-Cms · Lin-Cms
Name of the Vulnerable Software and Affected Versions: lin-CMS versions 0.2.0 and before Description: The issue allows a remote attacker to obtain sensitive information via the login method in the UserController.java component. Recommendations: For lin-CMS versions 0.2.0 and before, consider...
CVE-2024-0491
Summary: CVE-2024-0491 affects Huaxia ERP up to version 3.1, targeting the file src/main/java/com/jsh/erp/controller/UserController.java. The issue is described as a vulnerability that enables weak password recovery through manipulation of an unknown function in that controller, with remote explo...
CVE-2024-0491 Huaxia ERP UserController.java password recovery
A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. Affected is an unknown function of the file src/main/java/com/jsh/erp/controller/UserController.java. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. Upgrading to...
PT-2024-15608 · Unknown · Huaxia Erp
Name of the Vulnerable Software and Affected Versions: Huaxia ERP versions up to 3.1 Description: A problematic issue has been found in Huaxia ERP, affecting an unknown function of the file src/main/java/com/jsh/erp/controller/UserController.java. This issue leads to weak password recovery and ca...
Information Disclosure
org.apache.inlong: manager-web is vulnerable to Information Disclosure. The vulnerability is due to the list and getByName functions in UserController.java lacking Role-Based Access Control. This allows any authenticated user to access data that is meant for admins, regardless of their role...