5 matches found
AzuraCast has Missing Permissions Check on Media File Download, Allowing Cross-Station Data Exfiltration
Summary The GET /api/station/stationid/file/id/play endpoint, handled by PlayAction, is missing the Middleware\Permissions check that protects all sibling routes in the same /file/id route group. Any authenticated user can download media files from any station, regardless of whether they have...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the PlayAction process. An attacker can access and download unauthorized media files by sending authenticated requests to the /api/station/stationid/file/id/play endpoint without proper station-level permission...
GHSA-QFF7-Q5FM-8P76 AzuraCast has Missing Permissions Check on Media File Download, Allowing Cross-Station Data Exfiltration
Summary The GET /api/station/stationid/file/id/play endpoint, handled by PlayAction, is missing the Middleware\Permissions check that protects all sibling routes in the same /file/id route group. Any authenticated user can download media files from any station, regardless of whether they have...
PHPCMS V9 Cross-Station 2 and repair-vulnerability warning-the black bar safety net
Some place it with the filter, the Server environment registerglobals = On time directly toXSS and... Fishing fishing. Nothing. In order to rank before the issue. Well well to. Detail:/install/header. tpl. php? step=b&stepsb=cc/titlescriptalert1 1 1;/scriptyou fuck your own test to go. In order t...
PHPCMS V9 Cross-Station 2 and repair-vulnerability warning-the black bar safety net
Some place it with the filter, the Server environment registerglobals = On time directly toXSS and... Fishing fishing. Nothing. In order to rank before the issue. Well well to. Detail:/install/header. tpl. php? step=b&stepsb=cc/titlescriptalert1 1 1;/script You fuck your own test to go. In order ...