In the System → Maintenance tool, the Logged Users tab surfaces sessionId data for all users via the Direct Web Remoting API (UserSessionAjax.getSessionList.dwr) calls. While this is information that would and should be available to admins who possess "Sign In As" powers, admins who otherwise lack …

A vulnerability was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. It has been declared as critical. This vulnerability affects unknown code of the file /designation_viewmore.php. The manipulation of the argument id leads to sql injection. The attack can be initiated rem…

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

A vulnerability was found in Tianchoy Blog up to 1.8.8. It has been classified as critical. This affects an unknown part of the file /so.php. The manipulation of the argument search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public …

Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- 23.04.2013 allows attackers to obtain Administrative privileges via connecting to the web administration server. Not existing for SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300, 1200, 2000, SL 50 Gateway / fixed in 5.1.2 / 6…

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-ip/index.php.

SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal to read arbitrary files.

An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an attacker to obtain sensitive information via a crafted script to the csl/user component.

Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API.

Insecure Permissions vulnerability in Tencent wechat v.8.0.37 allows an attacker to escalate privileges via the web-view component.