Team IT Security (TSEC) Nachrichtenportal Logo

🕵️ CVE-2025-3537 | Tutorials-Website Employee Management System 1.0 /admin/update-user.php ID improper authorization


Nachrichtenbereich: 🕵️ Sicherheitslücken
🔗 Quelle: vuldb.com

A vulnerability was found in Tutorials-Website Employee Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/update-user.php. The manipulation of the argument ID leads to improper authorization. This vulnerability is uniquely identified as CVE-2025-3537. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. ...

Sharing is caring on Social Media

Reddit
Telegram
LinkedIn
Xing
Twitter
Whatsapp
Facebook
Flipboard

🐧 Guys I am making free tutorials on highest payable bug bounty tutorials to find and fix issues. I am making 100 free tutorials on get highest payable job easily


📈 41.55 Punkte
🐧 Linux Tipps

🔧 Expert-Level Tutorials on Stable Diffusion & SDXL & Generative AI: Master Advanced Techs — 75 Tutorials


📈 27.7 Punkte
🔧 Programmierung

🔧 How I Approach Tutorials To Avoid Tutorials Hell


📈 27.7 Punkte
🔧 Programmierung

🕵️ CVE-2024-25420 | Ignite Realtime Openfire up to 4.9.0 System Property admin.authorizedJIDs improper authorization


📈 26.63 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2024-9297 | SourceCodester Online Railway Reservation System 1.0 /admin/ page improper authorization


📈 26.63 Punkte
🕵️ Sicherheitslücken

⚠️ [webapps] Employee Management System 1.0 - `txtusername` and `txtpassword` SQL Injection (Admin Login)


📈 24.3 Punkte
⚠️ PoC

🕵️ CVE-2023-20254 | Cisco Catalyst SD-WAN Manager Session Management System improper authorization (cisco-sa-sdwan-vman-sc-LRLfu2z)


📈 23.88 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2023-6538 | Hitachi Vantara System Management Unit prior 14.8.7825.01 SMU Configuration Backup improper authorization


📈 23.88 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2023-28668 | Role-based Authorization Strategy Plugin up to 587.v2872c41fa_e51 on Jenkins improper authorization


📈 23.63 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2024-30260 | nodejs undici up to 5.28.3/6.11.0 HTTP Header fetch Proxy-Authorization improper authorization


📈 23.63 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2023-40261 | Diebold Nixdorf Vynamic Security Suite Pre-Boot Authorization improper authorization


📈 23.63 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2023-24064 | Diebold Nixdorf Vynamic Security Suite up to 3.3.0 SR3 Pre-Boot Authorization /etc/initab improper authorization


📈 23.63 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2023-33206 | Diebold Nixdorf Vynamic Security Suite Pre-Boot Authorization improper authorization


📈 23.63 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2023-24063 | Diebold Nixdorf Vynamic Security Suite up to 3.3.0 SR09 Pre-Boot Authorization /etc/mtab improper authorization


📈 23.63 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2023-28865 | Diebold Nixdorf Vynamic Security Suite up to 3.3.0 SR14/4.0.0 SR04/4.1.0 SR02/4.2.0 SR01 Pre-Boot Authorization improper authorization


📈 23.63 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2024-37382 | Ab Initio Metadata Hub and Authorization Gateway up to 4.3.1.0 Server Configuration improper authorization


📈 23.63 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2024-25214 | Employee Managment System 1.0 /alogin.html Password improper authentication


📈 22.99 Punkte
🕵️ Sicherheitslücken

🕵️ Veritas APTARE up to 10.4 Authorization improper authorization


📈 22.67 Punkte
🕵️ Sicherheitslücken

🕵️ Apache Hadoop up to 2.10.0/3.1.3/3.2.1 SPNEGO Authorization Header improper authorization


📈 22.67 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2023-41841 | Fortinet FortiOS prof-admin Profile improper authorization (FG-IR-23-318)


📈 22.62 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2023-49233 | Stilog Visual Planning Admin Center 8 prior 1 Build 240207 improper authorization


📈 22.62 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2024-25635 | alf.io 2.0-M4-2301/2.0-M4-2304 API Endpoint /admin/api/users/ improper authorization of index containing sensitive information (GHSA-ffr5-g3qg-gp4f)


📈 22.62 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2024-32517 | WooCommerce & WordPress Tutorials Custom Thank You Page Customize for WooCommerce by Binary Carpenter Plugin authorization


📈 22.24 Punkte
🕵️ Sicherheitslücken

🕵️ WordPress © 2015 Neon Admin Theme by Laborator.co Improper Authorization Vulnerability


📈 21.66 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2024-1832 | SourceCodester Complete File Management System 1.0 Admin Login Form /admin/ username sql injection


📈 21.47 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2023-33580 | PHPGurukul Student Study Center Management System 1.0 Admin Profile Page Admin Name cross site scripting (ID 173030 / EDB-51528)


📈 21.47 Punkte
🕵️ Sicherheitslücken

🕵️ Employee Performance Evaluation System 1.0 Admin Portal Task/Description cross site scripting


📈 20.63 Punkte
🕵️ Sicherheitslücken

🪟 As Bobby Kotick leaves Microsoft and Activision for good, an ex-employee describes how he once threatened to "have an employee killed"


📈 20.4 Punkte
🪟 Windows Tipps

🔧 Clustered Index and Non-Clustered | Employee ID | Employee Name


📈 20.4 Punkte
🔧 Programmierung

📰 Spyrix Employee Monitoring Employee: All-In-One Business Solution


📈 20.4 Punkte
📰 IT Security Nachrichten

🕵️ Grav Admin Plugin up to 1.10.10 /admin authorization


📈 20.26 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2022-39030 | Lianquan Smart eVision System Information Query improper authorization


📈 20.22 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2023-38021 | Fortanix EnclaveOS up to 3.31 on Intel SGX System Call enclave_ecall improper authorization (GHSA-v3vm-9h66-wm76)


📈 20.22 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2024-2641 | Ruijie RG-NBS2009G-P up to 20240305 Password /system/passwdManage.htm improper authorization


📈 20.22 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2024-38467 | Shenzhen Guoxin Synthesis Image System up to 8.2.x API queryUser improper authorization


📈 20.22 Punkte
🕵️ Sicherheitslücken