CVE-2023-6905

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6903

CVE-2023-3907

CVE-2023-6904

A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attackers to reset the Administrator account's password.

Permalink

Cannot retrieve contributors at this time

**Background administrator password reset vulnerability**

**vuln in /include/web\_check.php**

![a](https://github.com/cve-vul/vul/raw/master/SEMCMS/a.png)

**In line 54 of the file, three variables are Judge whether it is empty; test\_input and verify\_str are keywords to detect whether the string has SQL and XSS. Let's ignore it here.**

**In line 60 of the file**

    $query=$db_conn->query("select * from sc_user where user_email='".$umail."' and user_rzm='".$urzm."'");
    

**The validity of $umail and $urzm is verified by database queries.Moreover, $urzm is generated by the random number Rand (10,10000).** ![d](https://github.com/cve-vul/vul/raw/master/SEMCMS/d.png) **And updated to the database in line 29**

![e](https://github.com/cve-vul/vul/raw/master/SEMCMS/e.png) **Finally, the verification code is obtained by direct blasting with burp tool**

Headline

CVE-2020-18078: vul/back_password_reset.md at master · cve-vul/vul

CVE: Latest News