12 matches found
📄 Kalmia CMS 0.2.0 User Enumeration
Proof of concept exploit that demonstrates a user enumeration vulnerability via the JWT authentication API on Kalmia CMS version 0.2.0. Title: Kalmia CM...
EUVD-2025-201310
Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all...
CVE-2025-65899
Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication mechanism. The application returns different error messages for invalid users (user_not_found) versus valid users with incorrect passwords (invalid_password). This observable response discrepancy allows...
CVE-2025-65899
Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication mechanism. The application returns different error messages for invalid users (user_not_found) versus valid users with incorrect passwords (invalid_password). This observable response discrepancy allows...
PT-2025-49145
Name of the Vulnerable Software and Affected Versions: Kalmia CMS version 0.2.0. Description: Kalmia CMS version 0.2.0 has an issue with access control in the /kal-api/auth/users API endpoint. Insufficient permission validation and excessive data exposure in the backend allow an authenticated user...
CVE-2025-65899
Kalmia CMS v0.2.0 is affected by an authentication flaw described as an Observable Response Discrepancy. The login endpoint /kal-api/auth/jwt/create reveals existence of accounts by returning distinct messages: user_not_found for invalid usernames and invalid_password for valid usernames with a w...
CVE-2025-65900
Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all...
CVE-2025-65900
Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all...
CVE-2025-65900
Kalmia CMS 0.2.0 is affected by CVE-2025-65900 via the /kal-api/auth/users endpoint. The root cause is insufficient permission validation and excessive data exposure, enabling an authenticated user with basic read permissions to retrieve sensitive information for all platform users. A public PoC ...
CVE-2025-65899
Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication mechanism. The application returns different error messages for invalid users (user_not_found) versus valid users with incorrect passwords (invalid_password). This observable response discrepancy allows...
Exploit for CVE-2025-65900
CVE-2025-65900: Kalmia CMS v0.2.0 - is vulnerable to Incorrect...
Exploit for CVE-2025-65899
CVE-2025-65899: Kalmia CMS v0.2.0 - is vulnerable to Observab...