22 matches found
CVE-2023-47643 SuiteCRM has Unauthenticated Graphql Introspection Enabled
SuiteCRM is a Customer Relationship Management CRM software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and understand the entire...
PT-2023-31900 · Pimcore · Pimcore
Name of the Vulnerable Software and Affected Versions: pimcore/demo versions prior to 10.3.0 Description: The issue concerns excessive data query operations in a large data table. Additionally, introspection is enabled on the demo site demo.pimcore.fun, which allows users to run introspection...