25 matches found
CVE-2025-58386
Terminalfour 8–8.4.1.1 contains a server-side authorization flaw in the userLevel parameter of the user management function. A Power User can intercept and modify this parameter to elevate existing accounts to Administrator or invite new accounts with escalated privileges, and can also change the...
Terminalfour Security Vulnerability
Terminalfour is a digital marketing and web content management platform for higher education from US-based Terminalfour. A security vulnerability exists in Terminalfour versions 8 through 8.4.1.1 that stems from insufficient authorization checking of the userLevel parameter, which could result in...
CVE-2025-58386
In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not subject to proper server-side authorization checks. A Power User can intercept and modify this parameter to assign the Administrator role to other existing lower-privileged accounts, or invite a new...
EUVD-2022-46954
Malicious code in bioql PyPI...
CVE-2022-47377
Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version = 1.13.4 as soon as possible available in SICK Support Portal...
CVE-2022-47377
Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version = 1.13.4 as soon as possible available in SICK Support Portal...
CVE-2022-27586
Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version = 2.0.0 as soon as possible available in SICK Support Portal...
CVE-2022-27584
Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby...
CVE-2022-27585
Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version = 1.6.0 as soon as possible available in SICK Support Portal...
Design/Logic Flaw
Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby...
Design/Logic Flaw
Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version = 2.0.0 as soon as possible available in SICK Support Portal...
CVE-2022-43989
The CVE-2022-43989 entry affects SICK SIM2x00 devices (ARM) with Partnumbers 1092673 and 1081902, on firmware versions older than 1.2.0. The vulnerability arises from a flaw in the password recovery mechanism that allows an unprivileged remote attacker to invoke password recovery and obtain acces...
CVE-2022-43990
The CVE-2022-43990 entry affects SICK SIM1012 Partnumber 1098146 with firmware versions prior to 2.2.0. It permits an unprivileged remote attacker to invoke the password recovery mechanism to gain the RecoverableUserLevel, increasing privileges and impacting confidentiality, integrity, and availa...
CVE-2022-27584
The CVE-2022-27584 entry describes a password recovery vulnerability in SICK SIM2000ST (Partnumber 1080579) where an unprivileged, remote attacker can invoke the password recovery mechanism to gain access at RecoverableUserLevel, increasing privileges and impacting confidentiality, integrity, and...
CVE-2022-27586
The CVE-2022-27586 issue affects SICK SIM1004 Partnumber 1098148 with firmware versions prior to 2.0.0. The vulnerability is a password recovery mechanism flaw that allows an unprivileged, remote attacker to invoke password recovery and gain access at the RecoverableUserLevel, leading to elevated...
CVE-2022-27585
Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version = 1.6.0 as soon as possible available in SICK Support Portal...
CVE-2022-43989
Password recovery vulnerability in SICK SIM2x00 ARM Partnumber 1092673 and 1081902 with firmware version = 1.2.0 as soon as possible available in SICK Support Portal...
CVE-2020-19165
PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevelid=1 userlevelid parameter...
PHPSHE SQL Injection Vulnerability
PHPSHE is an online shopping mall system from the Chinese company PHPSHE. The system supports express tracking, online chat, order evaluation and statistics. A SQL injection vulnerability exists in PHPSHE 1.7. An attacker can exploit this vulnerability by using the admin.php?mod=user&userlevelid=1...
File Store PRO 3.2 - Multiple Blind SQL Injection Vulnerabilities
No description provided by source. | File Store PRO 3.2 Blind SQL Injection | || Download from: http://upoint.info/cgi/demo/fs/filestore.zip - Need admin rights: /confirm.php: code ifisset$GETfolder && $GETfolder!= $folder=$GETfolder; else exitBad Request; ifisset$GETid && $GETid!= $id=$GETid; el...