Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java
An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and returns all user information, including passwords
An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/Ch
IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information.
icecms <=3.4.7 has a File Upload vulnerability in FileUtils.java,uploadFile.
Incorrect access control in the component \controller\ResourceController.java of jshERP v3.5 allows unauthorized attackers to obtain all the corresponding ID data by modifying the ID value.
Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Administrator passwords.
Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation atta
Incorrect access control in the preHandle function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentication.
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet.
A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function order_info of the file application/index/controller/User.php of the component Member Order Detail
Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.
Incorrect access control in the preHandle function of my-site v1.0.2 allows attackers to access sensitive components without authentication via the cn.luischen.interceptor.BaseInterceptor class
Incorrect access control in M2Soft CROWNIX Report & ERS affected v7.x to v7.4.3.599 and v8.x to v8.0.3.79 allows unauthorized attackers to obtain Administrator account access.
Incorrect access control in the doFilter function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentication.
Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests.
An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/[schemaId] endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is know
Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.
java_shop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.
An issue was discovered in litmusautomation litmus-mcp-server thru 0.0.1 allowing unauthorized attackers to control the target's MCP service through the SSE protocol.
Page 1+ Next →