575 matches found
GHSA-RP28-MVQ3-WF8J Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updatedajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...
Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updatedajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...
CVE-2025-2304
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updatedajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...
CVE-2025-2304 Camaleon CMS Privilege Escalation
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updatedajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...
CVE-2025-2304 Camaleon CMS Privilege Escalation
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updatedajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...
CamaleonCMS 安全漏洞
CamaleonCMS is an advanced dynamic content management system CMS based on RubyonRails by the CamaleonCMS team. A security vulnerability exists in CamaleonCMS that stems from a mass assignment that could lead to elevation of privilege...
PT-2025-11259
Name of the Vulnerable Software and Affected Versions Camaleon CMS affected versions not specified Description Privilege escalation is possible through mass assignment, a condition where an application takes user-provided data and binds it to an internal object without proper filtering. This occu...
Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updatedajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...
CVE-2024-7297
Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint...
CVE-2024-0404
A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker...
PT-2024-28901 · Unknown · Pantera Crm
Name of the Vulnerable Software and Affected Versions: Pantera CRM versions 401.152 through 402.072 Description: A mass assignment issue exists, allowing authenticated users to modify any user attribute, including roles, by injecting additional parameters via profile management functions...
CVE-2024-7297
Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint...
CVE-2024-7297 Langflow Privilege Escalation
Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint...
CVE-2024-7297 Langflow Privilege Escalation
Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint...
Mass Assignment
Laravel is vulnerable to Mass Assignment. The vulnerability is due to improper column quoting for database drivers, which can be exploited when not using the fillable property on models, particularly when using the guarded property and passing a user-controlled array into an "update" or "save"...
Mass Assignment
Laravel is vulnerable to Mass Assignment. The vulnerability is due to insufficient column quoting for all database drivers, which could allow attackers to perform unauthorized mass assignment operations. If using guarded and passing a user-controlled array into an "update" or "save" function,...
Laravel Guard bypass in Eloquent models
In laravel releases before 6.18.34 and 7.23.2. It was possible to mass assign Eloquent attributes that included the model's table name: $model-fill'users.name' = 'Taylor'; When doing so, Eloquent would remove the table name from the attribute for you. This was a "convenience" feature of Eloquent...
GHSA-RJ3W-99GC-8J58 Laravel Risk of mass-assignment vulnerabilities
Laravel 4.1.29 improves the column quoting for all database drivers. This protects your application from some mass assignment vulnerabilities when not using the fillable property on models. If you are using the fillable property on your models to protect against mass assignment, your application ...
Laravel Risk of mass-assignment vulnerabilities
Laravel 4.1.29 improves the column quoting for all database drivers. This protects your application from some mass assignment vulnerabilities when not using the fillable property on models. If you are using the fillable property on your models to protect against mass assignment, your application ...
GHSA-CC2W-GHC5-M5QR Laravel Risk of mass-assignment vulnerabilities
Laravel 4.1.29 improves the column quoting for all database drivers. This protects your application from some mass assignment vulnerabilities when not using the fillable property on models. If you are using the fillable property on your models to protect against mass assignment, your application ...