4 matches found
CVE-2025-1101
A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enumerate valid usernames via crafted HTTP requests...
Q-Free MAXTIME Suite 安全漏洞
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions that stems from a missing authorization in maxprofile/users/routes.lua. An attacker could exploit the vulnerability t...
PT-2025-7160 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to missing authorization, allowing an authenticated attacker with low privileges to add users to groups via crafted HTTP requests. This is due to a problem in the...
Ec-cube 跨站请求伪造漏洞
EC-CUBE is an open source system for creating shopping websites. EC-CUBE versions 2.11.0 - 2.17.1 have a cross-site request forgery vulnerability in the administration interface. An attacker could exploit the vulnerability to remove administrators by tricking a user with administrative privileges...