Page 102 of 3547 results (0.027 seconds)

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 1

Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform Administrative actions, including adding and deleting user accounts. • https://github.com/geraldoalcantara/CVE-2023-49982 https://www.sourcecodester.com/php/15697/school-fees-management-system-project-php-and-codeigniter-free-source-code.html • CWE-863: Incorrect Authorization •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component. • https://gitee.com/erzhongxmu/JEEWMS/issues/I8YN90 • CWE-27: Path Traversal: 'dir/../../filename' •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1

TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests. • https://github.com/str2ver/CVE-2023-43318 https://github.com/str2ver/CVE-2023-43318/tree/main https://seclists.org/fulldisclosure/2024/Mar/9 • CWE-284: Improper Access Control •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component. • https://github.com/tldjgggg/cve/blob/main/sql.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0

An issue was discovered in Webbax "Super Newsletter" (supernewsletter) module for PrestaShop versions 1.4.21 and before, allows local attackers to escalate privileges and obtain sensitive information. • https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-supernewsletter.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •