Autore: Angelo Barbosa

A vulnerability has been found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this vulnerability is the function websGetVar of the file /goform/set_cmd. The manipulation of the argument cmd leads to os command injection. This vulnerability is known as CVE-2025-1609. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any...

A vulnerability, which was classified as critical, was found in LB-LINK AC1900 Router 1.0.2. Affected is the function websGetVar of the file /goform/set_manpwd. The manipulation of the argument routepwd  leads to os command injection. This vulnerability is traded as CVE-2025-1608. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any...

A vulnerability, which was classified as problematic, has been found in SourceCodester Best Employee Management System 1.0. This issue affects some unknown processing of the file /admin/salary_slip.php. The manipulation of the argument id leads to authorization bypass. The identification of this vulnerability is CVE-2025-1607. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any...

A vulnerability classified as problematic was found in SourceCodester Best Employee Management System 1.0. This vulnerability affects unknown code of the file /admin/backup/backups.php. The manipulation leads to information disclosure. This vulnerability was named CVE-2025-1606. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any...

A vulnerability classified as problematic has been found in scottpaterson Accept Donations with PayPal & Stripe Plugin up to 1.4.4 on WordPress. This affects an unknown part. The manipulation of the argument rf leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-13728. It is possible to initiate the attack remotely. There is no exploit...