Lucene search
K

15 matches found

RedhatCVE
RedhatCVE
added 2026/03/05 1:57 a.m.6 views

CVE-2026-27012

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group idgruppo by directly calling...

9.8CVSS5.9AI score0.00537EPSS
Exploits1References1
NVD
NVD
added 2026/03/03 10:16 p.m.22 views

CVE-2026-27012

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group idgruppo by directly calling...

9.8CVSS0.00537EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/03 9:53 p.m.21 views

CVE-2026-27012 Unauthenticated privilege escalation in OpenSTAManager via modules/utenti/actions.php

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group idgruppo by directly calling...

9.8CVSS0.00537EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/03 9:53 p.m.5 views

CVE-2026-27012 Unauthenticated privilege escalation in OpenSTAManager via modules/utenti/actions.php

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group idgruppo by directly calling...

9.8CVSS6AI score0.00537EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/03 9:53 p.m.5 views

EUVD-2026-9334

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group idgruppo by directly calling...

9.8CVSS6AI score0.00537EPSS
Exploits1References1
OSV
OSV
added 2026/03/03 5:43 p.m.4 views

GHSA-247V-7CW6-Q57V OpenSTAManager affected by unauthenticated privilege escalation via modules/utenti/actions.php

Summary A privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group idgruppo by directly calling modules/utenti/actions.php. This can promote an existing account e.g. agent into the Amministratori group as well as demot...

9.8CVSS6AI score0.00537EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/03 5:43 p.m.10 views

OpenSTAManager affected by unauthenticated privilege escalation via modules/utenti/actions.php

Summary A privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group idgruppo by directly calling modules/utenti/actions.php. This can promote an existing account e.g. agent into the Amministratori group as well as demot...

9.8CVSS6AI score0.00537EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2018-1000871

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in idutentemod parameter in gestioneutenti.php file that can result...

9.8CVSS7.3AI score0.01622EPSS
Exploits1References2
OSV
OSV
added 2025/03/11 6:15 p.m.4 views

DEBIAN-CVE-2025-25748

A CSRF vulnerability in the gestioneutenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions e.g., modifying user passwords on behalf of authenticated users by exploiting the lack of origin or referrer validation and the absence of CSRF tokens. NOTE: this is disput...

7.3CVSS5.3AI score0.00395EPSS
Exploits1References1
OSV
OSV
added 2025/03/11 6:15 p.m.2 views

UBUNTU-CVE-2025-25748

A CSRF vulnerability in the gestioneutenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions e.g., modifying user passwords on behalf of authenticated users by exploiting the lack of origin or referrer validation and the absence of CSRF tokens. NOTE: this is disput...

7.3CVSS5.8AI score0.00395EPSS
Exploits1References3
GithubExploit
GithubExploit
added 2025/03/07 12:7 p.m.80 views

Exploit for CVE-2525-25748

CVE-2025-25748-Cross-Site-Request-Forgery-CSRF-Vulnerability-i...

7.3CVSS7.8AI score0.00395EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/03/07 12:0 a.m.4 views

PT-2025-10458

Name of the Vulnerable Software and Affected Versions: HotelDruid version 3.0.7 Description: A CSRF issue in the "gestione utenti.php" endpoint allows attackers to perform unauthorized actions, such as modifying user passwords, on behalf of authenticated users. This is due to the lack of origin o...

7.3CVSS5.9AI score0.00395EPSS
Exploits1References13
OSV
OSV
added 2018/12/20 5:29 p.m.2 views

UBUNTU-CVE-2018-1000871

HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in "idutentemod" parameter in gestioneutenti.php file that can result in An attacker can dump all the database records of backend webserver. This attack appear to be exploitable via the attack can be done...

9.8CVSS7.4AI score0.01622EPSS
Exploits1References3
OSV
OSV
added 2018/12/20 5:29 p.m.1 views

DEBIAN-CVE-2018-1000871

HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in "idutentemod" parameter in gestioneutenti.php file that can result in An attacker can dump all the database records of backend webserver. This attack appear to be exploitable via the attack can be done...

9.8CVSS9.6AI score0.01622EPSS
Exploits1References1
exploitpack
exploitpack
added 2010/04/08 12:0 a.m.12 views

Kubeit CMS - SQL Injection

Kubeit CMS - SQL Injection ============================================= Kubeit CMS Remote SQL Injection Vulnerability ============================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1...

8.7AI score
Exploits0
Rows per page
Query Builder