Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
add user project add user vulnerabilities and exploits
(subscribe to this query)
5.7
CVSSv3
CVE-2020-19268
A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenticated malicious users to arbitrarily add administrator users.
Dswjcms Project Dswjcms 1.6.4
6.5
CVSSv3
CVE-2021-39394
mm-wiki v0.2.1 exists to contain a Cross-Site Request Forgery (CSRF) which allows malicious users to arbitrarily add user accounts and modify user information.
Mm-wiki Project Mm-wiki 0.2.1
7.5
CVSSv3
CVE-2022-25878
The package protobufjs prior to 6.11.3 are vulnerable to Prototype Pollution which can allow an malicious user to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to Reflectio...
Protobufjs Project Protobufjs
4.8
CVSSv3
CVE-2018-7650
PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the "Add New" function for a Management User. Within the "Add New" section, the application does not sanitize user supplied input to the name parame...
Hot Scripts Clone Project Hot Scripts Clone 3.1
8.8
CVSSv3
CVE-2023-45906
Dreamer CMS v4.1.3 exists to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add.
Dreamer Cms Project Dreamer Cms 4.1.3
6.5
CVSSv3
CVE-2020-21139
EC Cloud E-Commerce System v1.3 exists to contain a Cross-Site Request Forgery (CSRF) which allows malicious users to arbitrarily add admin accounts via /admin.html?do=user&act=add.
Ec Cloud E-commerce System Project Ec Cloud E-commerce System 1.3
8.8
CVSSv3
CVE-2021-41916
A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and previous versions allows a remote malicious user to create a new administrative profile and add a new user to the new profile. without the victim's knowledge, by enticing an authenticated admin us...
Webtareas Project Webtareas
NA
CVE-2015-5515
The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x prior to 7.x-3.3 for Drupal, when the bulk operation for changing Roles is enabled, allows remote authenticated users to edit user accounts and add arbitrary roles to the accounts by leveraging access to a user account li...
Views Bulk Operations Project Views Bulk Operations 7.x-3.x
Views Bulk Operations Project Views Bulk Operations 7.x-3.0
Views Bulk Operations Project Views Bulk Operations 7.x-3.1
Views Bulk Operations Project Views Bulk Operations 7.x-3.2
Views Bulk Operations Project Views Bulk Operations 6.x-1.x
Views Bulk Operations Project Views Bulk Operations 6.x-1.17
8.8
CVSSv3
CVE-2016-10529
Droppy versions <3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example this means the malicious user could add a new a...
Droppy Project Droppy
8.8
CVSSv3
CVE-2018-11445
A CSRF issue exists on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role.
Easyservice Billing Project Easyservice Billing 1.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »