Lucene search
K

7 matches found

OSV
OSV
added 2026/05/05 10:2 p.m.4 views

GHSA-6RVW-7P8V-MJFQ AVideo: Unauthenticated User Enumeration in objects/users.json.php via isCompany Parameter Allows Bypass of the Admin-Only Listing Restriction

Summary objects/users.json.php exposes two unauthenticated paths that disclose the full set of registered user accounts. The isCompany request parameter causes the handler to set $ignoreAdmin = true for any non-admin caller including unauthenticated visitors, which defeats the admin-only guard...

5.3CVSS5.8AI score0.0027EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/31 11:21 p.m.4 views

Missing Authorization

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authorization in the users.json.php process. An attacker can access sensitive personal and financial information of all users by sending authenticated...

7.1CVSS5.8AI score0.00316EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/31 8:38 p.m.6 views

CVE-2026-34395

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/YPTWallet/view/users.json.php endpoint returns all platform users with their personal information and wallet balances to any authenticated user. The endpoint checks User::isLogged but does not check User::isAdmin...

6.5CVSS5.9AI score0.00316EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/11/26 12:0 a.m.6 views

CVE-2025-65278

An issue was discovered in file users.json in GroceryMart commit 21934e6 2020-10-23 allowing unauthenticated attackers to gain sensitive information including plaintext usernames and passwords...

0.0021EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.3 views

PT-2025-48185

Name of the Vulnerable Software and Affected Versions GroceryMart versions prior to commit 21934e6 2020-10-23 Description An issue exists in the users.json file that allows unauthenticated attackers to obtain sensitive information, including plaintext usernames and passwords. The affected commit ...

7.5CVSS6.5AI score0.0021EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/11/26 12:0 a.m.4 views

GroceryMart 安全漏洞

GroceryMart is an online grocery store platform by the individual developer Komal Bansal. A security vulnerability exists in GroceryMart, which stems from an issue with the file users.json, which could lead to an unauthenticated attacker obtaining sensitive information such as usernames and...

7.5CVSS6.5AI score0.0021EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.5 views

Generex UPS Adapter CS141 Improper Input Validation (CVE-2022-47192)

Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified users.json to the web server of the device, allowing him to replace the administrator password. This plugin only works with Tenable.ot. Please visit...

8.8CVSS8.4AI score0.01301EPSS
Exploits0References4
Rows per page
Query Builder