2005 matches found
CVE-2023-46730 Server-Side Request Forgery in groupoffice
Group-Office is an enterprise CRM and groupware tool. In affected versions there is a full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs, which allows a malicious user to cause the server to make resource requests to...
Denial of Service (DoS)
Mattermost is vulnerable to Denial of Service (DoS). The vulnerability is due to improper restrictions in the /api/v4/redirectlocation endpoint, which results in a Denial of Service due to the caching of large items...
PT-2023-30394 · Qualitor · Qualitor
Name of the Vulnerable Software and Affected Versions: Qualitor versions prior to 8.21 Description: The issue allows remote attackers to execute arbitrary code. This can be achieved by injecting PHP code into the gridValoresPopHidden parameter in the...
Server-Side Request Forgery (SSRF)
foodcoopshop/foodcoopshop is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the lack of proper image validation. This flaw permits an attacker to send a request to any host on the local network, which then responds with a 200 status code for a HEAD request serving a...
CVE-2023-46725 FoodCoopShop Server-Side Request Forgery vulnerability
FoodCoopShop is open source software for food coops and local shops. Versions starting with 3.2.0 prior to 3.6.1 are vulnerable to server-side request forgery. In the Network module, a manufacturer account can use the /api/updateProducts.json endpoint to make the server send a request to an...
PT-2023-26707
Name of the Vulnerable Software and Affected Versions: Lost and Found Information System version 1.0 Description: The issue allows account takeover via username and password to a "/classes/Users.php?f=save" API endpoint. Recommendations: For Lost and Found Information System version 1.0, consider...
PT-2023-30248 · Unknown · Peppermint Ticket Management
Name of the Vulnerable Software and Affected Versions: Peppermint Ticket Management versions 0.2.4 and earlier Description: The issue allows remote attackers to read arbitrary files via a "/api/v1/ticket/1/file/download?filepath=../" POST request. This is achieved by exploiting the filepath...
SALESmanago < 3.2.5 - Log Injection via Weak Authentication Token
Description: The plugin uses a weak authentication token for its /wp-json/salesmanago/v1/callbackApiV3 API endpoint, allowing unauthenticated attackers to inject arbitrary content into the plugin logs...
PT-2023-7234 · Cisco · Cisco Firepower Management Center (FMC)
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center (FMC) Software affected versions not specified Description: The issue is related to insufficient input validation in the file download feature of Cisco Firepower Management Center (FMC) Software. This could allow...
Denial of Service (DoS)
Mattermost is vulnerable to Denial of Service (DoS). The vulnerability is due to the /api/v4/users/ids endpoint, which lacks a duplicate ID check. This allows an attacker to send a request with multiple identical IDs, which can consume excessive resources...
Fides Information Disclosure Vulnerability in Config API Endpoint
Impact: The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The configuration data is filtered to suppress most sensitive configuration information before it is returned to the user, but even the filtered data contains information about the...
CVE-2023-4939 SALESmanago <= 3.2.4 - Log Injection via Weak Authentication Token
The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. This is due to the use of a weak authentication token for the /wp-json/salesmanago/v1/callbackApiV3 API endpoint which is simply a SHA1 hash of the site URL and client ID found in the page...
PT-2023-29944 · Next.js · Next.js
Name of the Vulnerable Software and Affected Versions: Next.js versions prior to 13.4.20-canary.13 Description: The issue is related to a lack of a cache-control header in Next.js, which can cause empty prefetch responses to be cached by a CDN. This can lead to a denial of service for all users...
WordPress Plugin SALESmanago Authorization Issues Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL. WordPress plugin i...
PT-2023-29791 · Sourcecodester · Sourcecodester Best Courier Management System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Best Courier Management System version 1.0 Description: The issue concerns SQL Injection via the id parameter in the "/edit staff.php" API endpoint. This allows for potential exploitation. Recommendations: For Sourcecodester Be...
Improper Access Control
vantage6-server is vulnerable to Improper Access Control. The vulnerability is due to improper permission checks in the /api/collaboration/id/task endpoint which retrieves tasks from a collaboration. Vantage only checks if the user has permission to view the collaboration, but should also check i...
PT-2023-29732 · Unknown · Vitogate 300
Name of the Vulnerable Software and Affected Versions: Vitogate 300 version 2.1.3.0 Description: The issue allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method in the...
CVE-2023-41882
vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/id/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version...
MTN Group: Information disclosure via enabled Django Debug Mode
The Django Debug Mode was enabled, which resulted in the disclosure of error messages, API endpoints, and the ability to register arbitrary user accounts and enumerate email addresses of registered users...
CVE-2023-45303
ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute for content sent to the /api/admin/settings endpoint...