6 matches found
CVE-2025-5403
A vulnerability classified as critical has been found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. This affects an unknown part of the file /admin/viewallposts.php of the component GET Parameter Handler. The manipulation of the argument postid leads to SQL injection. ...
Blogbook Injection Vulnerability
Blogbook is a content management system project by the individual developer Chaitak Gorai. Blogbook 92f5cf90f8a7e6566b576fe0952e14e1c6736513 and earlier versions have an injection vulnerability that stems from SQL injection of the parameter postid in the file /admin/viewallposts.php...
Mattermost Server Security Vulnerability
Mattermost Server is an open source messaging platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost Server that stems from an inability to enforce proper access control, which could allow users to view arbitrary post content via the /playbook addlashes...
PT-2024-18361 · WordPress · Autowriter
Name of the Vulnerable Software and Affected Versions: AutoWriter plugin for WordPress versions up to, and including, 3.3. Description: The issue allows authenticated attackers with subscriber access or higher to access, modify, or delete posts due to a missing capability check on functions hooked...
PT-2023-10297 · WordPress · View All Posts Page Plugin
Name of the Vulnerable Software and Affected Versions: View All Posts Page Plugin versions prior to 0.9.1. Description: A problematic issue has been found in the View All Posts Page Plugin on WordPress, affecting the action admin notices activation function of the file view-all-posts-pages.php. Th...
Improper access control
MyBB Group MyBB contains an Incorrect Access Control vulnerability in Private forums that can result in users viewing posts from private forums without having the password. This attack appears to be exploitable via subscribing to a forum through IDOR. This vulnerability appears to have been fixed in...