warmachine-57

2 exploits Active since Jun 2022
CVE-2021-44117 NOMISEC HIGH NO CODE
Fuel CMS 1.5.0 - Cross-Site Request Forgery via Site Variables Deletion Endpoint
A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4.
CVSS 8.8
CVE-2021-44582 NOMISEC HIGH NO CODE
Sourcecodester Money Transfer Management System 1.0 - Privilege Escalation via Forced Browsing
A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1.0, which allows a remote malicious user to gain elevated privileges to the Admin role via any URL.
CVSS 8.8