Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-23686: There is one CSRF vulnerability that can Change administrator password。 · Issue #1 · loadream/AyaCMS

Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts.

CVE
#csrf#vulnerability

Related news

CVE-2021-40884: Insecure Direct Object Reference in Files function · Issue #992 · projectsend/projectsend

Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user with uploader role can download and edit all files of users in application.

CVE-2021-39433: BIQSDRIVE

A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user.

CVE-2020-20693: There is a CSRF vulnerability that can add an administrator account · Issue #51 · GilaCMS/gila

A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts.

CVE-2020-20514: There is a CSRF vulnerability that can del the administrator account · Issue #76 · magicblack/maccms10

A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users.

CVE-2020-20671: There is CSRF and Arbitrary file upload vulnerability getshell · Issue #3 · Kitesky/KiteCMS

A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account.

CVE-2020-20672: There is CSRF and Arbitrary file upload vulnerability getshell · Issue #3 · Kitesky/KiteCMS

An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907