bcvgh

CVE-2023-33557 WRITEUP HIGH WRITEUP

Fuel CMS 1.5.2 - SQL Injection via Blocks Controller id Parameter

Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php.

CVSS 8.8

View Code

CVE-2024-28270 WRITEUP HIGH WRITEUP

web-flash 3.0 - Unauthenticated Password Reset via /prod-api/user/resetPassword

An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to /prod-api/user/resetPassword.

CVSS 8.1

View Code