Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
administrator privileges vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2003-0395
Ultimate PHP Board (UPB) 1.9 allows remote malicious users to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed when the administrator executes admin_iplog.php.
Myupb Ultimate Php Board 1.9
1 EDB exploit
7.2
CVSSv2
CVE-2021-20079
Nessus versions 8.13.2 and previous versions were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host.
Tenable Nessus
3.5
CVSSv2
CVE-2017-15213
Stored XSS vulnerability in Flyspray prior to 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl.
Flyspray Flyspray
7.5
CVSSv2
CVE-2004-1652
phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if the administrator logs in as a normal user, which allows users with physical access to gain administrative privileges.
Brickhost Phpscheduleit 1.0
NA
CVE-2023-25011
PC settings tool Ver10.1.26.0 and previous versions, PC settings tool Ver11.0.22.0 and previous versions allows a malicious user to write to the registry as administrator privileges with standard user privileges.
Nec Pc Settings Tool
6.5
CVSSv2
CVE-2020-9456
In the RegistrationMagic plugin up to and including 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit.
Metagauss Registrationmagic
3.5
CVSSv2
CVE-2022-1027
The Page Restriction WordPress (WP) WordPress plugin prior to 1.2.7 allows bad actors with administrator privileges to the settings page to inject Javascript code to its settings leading to stored Cross-Site Scripting that will only affect administrator users.
Minioragne Page Restriction
NA
CVE-2023-30459
SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker has administrator privileges) by writing a malicious C# script and executing it on the server (via server settings in the administrator control panel on port 8101, by default).
Smartptt Smartptt Scada 1.1
1 Github repository
7.5
CVSSv2
CVE-2006-2116
planetGallery allows remote malicious users to gain administrator privileges via a direct request to admin/gallery_admin.php.
Planet Concept Planetgallery
1 EDB exploit
NA
CVE-2022-44244
An authentication bypass in Lin-CMS v0.2.1 allows malicious users to escalate privileges to Super Administrator.
Lin-cms Project Lin-cms 0.2.1
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111
CVE-2024-32884
IDOR
CVE-2023-1000
CVE-2024-33260
CVE-2024-3682
reflected XSS
race condition
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »