7 matches found
KONGA 0.14.9 - Privilege Escalation
KONGA 0.14.9 allows attackers to set higher privilege users to full administration access. The attack vector is a crafted condition, as demonstrated by the /api/user/ID at ADMIN parameter. id: CVE-2021-42192 info: name: KONGA 0.14.9 - Privilege Escalation author: rschio severity: high description...
CVE-2021-42192
Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation...
CVE-2021-42192
creationtimestamp| type| source ---|---|--- 2022-05-04 14:34:49+00:00| seen| https://t.me/cibsecurity/41891 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-42192.yaml...
CVE-2021-42192
Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation...
CVE-2021-42192
CVE-2021-42192 affects KONGA v0.14.9 with an incorrect access control that allows privilege escalation via a crafted request. The attack vector demonstrated in the Nuclei template targets /api/user/{ID} with ADMIN privileges, enabling higher-privilege administration access. The underlying issue i...
CVE-2021-44103
CVE-2021-44103 is documented as a duplicate of CVE-2021-42192, with connected data detailing a privilege-escalation flaw in KONGA 0.14.9. The Nuclei template for CVE-2021-42192 describes an improper access control that lets an authenticated user elevate to full admin by crafting a request (notabl...
Exploit for Incorrect Authorization in Konga_Project Konga
Konga Privilege Escalation - CVE-2021-42192 Authenticated Privil...