Lucene search
K

575 matches found

OSV
OSV
added 2025/03/14 3:32 p.m.9 views

GHSA-RP28-MVQ3-WF8J Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updatedajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...

9.4CVSS6.7AI score0.00566EPSS
Exploits17References7
Github Security Blog
Github Security Blog
added 2025/03/14 3:32 p.m.26 views

Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updatedajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...

9.4CVSS6.7AI score0.00566EPSS
Exploits17References7Affected Software1
OSV
OSV
added 2025/03/14 1:15 p.m.3 views

CVE-2025-2304

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updatedajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...

9.4CVSS5.8AI score0.00566EPSS
Exploits17References2
Vulnrichment
Vulnrichment
added 2025/03/14 12:34 p.m.16 views

CVE-2025-2304 Camaleon CMS Privilege Escalation

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updatedajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...

9.4CVSS6.5AI score0.00566EPSS
Exploits17References2
Cvelist
Cvelist
added 2025/03/14 12:34 p.m.22 views

CVE-2025-2304 Camaleon CMS Privilege Escalation

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updatedajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...

9.4CVSS0.00566EPSS
Exploits17References2
CNNVD
CNNVD
added 2025/03/14 12:0 a.m.17 views

CamaleonCMS 安全漏洞

CamaleonCMS is an advanced dynamic content management system CMS based on RubyonRails by the CamaleonCMS team. A security vulnerability exists in CamaleonCMS that stems from a mass assignment that could lead to elevation of privilege...

9.4CVSS6.4AI score0.00566EPSS
Exploits17References3
Positive Technologies
Positive Technologies
added 2025/03/14 12:0 a.m.14 views

PT-2025-11259

Name of the Vulnerable Software and Affected Versions Camaleon CMS affected versions not specified Description Privilege escalation is possible through mass assignment, a condition where an application takes user-provided data and binds it to an internal object without proper filtering. This occu...

9.4CVSS5.4AI score0.00566EPSS
Exploits17References18
RubySec
RubySec
added 2025/03/14 12:0 a.m.22 views

Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updatedajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...

9.4CVSS7AI score0.00566EPSS
Exploits17References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 11:50 a.m.15 views

CVE-2024-7297

Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint...

8.8CVSS7AI score0.21346EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/04 10:57 p.m.7 views

CVE-2024-0404

A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker...

9.1CVSS9AI score0.00783EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/08/05 12:0 a.m.10 views

PT-2024-28901 · Unknown · Pantera Crm

Name of the Vulnerable Software and Affected Versions: Pantera CRM versions 401.152 through 402.072 Description: A mass assignment issue exists, allowing authenticated users to modify any user attribute, including roles, by injecting additional parameters via profile management functions...

8.8CVSS7AI score0.00372EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2024/07/30 5:15 p.m.15 views

CVE-2024-7297

Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint...

8.8CVSS5.9AI score0.21346EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/07/30 4:13 p.m.31 views

CVE-2024-7297 Langflow Privilege Escalation

Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint...

8.8CVSS0.21346EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/07/30 4:13 p.m.18 views

CVE-2024-7297 Langflow Privilege Escalation

Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint...

8.8CVSS7.1AI score0.21346EPSS
Exploits1References1
Veracode
Veracode
added 2024/05/20 7:8 a.m.11 views

Mass Assignment

Laravel is vulnerable to Mass Assignment. The vulnerability is due to improper column quoting for database drivers, which can be exploited when not using the fillable property on models, particularly when using the guarded property and passing a user-controlled array into an "update" or "save"...

7.1AI score
Exploits0
Veracode
Veracode
added 2024/05/16 7:43 a.m.14 views

Mass Assignment

Laravel is vulnerable to Mass Assignment. The vulnerability is due to insufficient column quoting for all database drivers, which could allow attackers to perform unauthorized mass assignment operations. If using guarded and passing a user-controlled array into an "update" or "save" function,...

7.1AI score
Exploits0
Github Security Blog
Github Security Blog
added 2024/05/15 10:18 p.m.15 views

Laravel Guard bypass in Eloquent models

In laravel releases before 6.18.34 and 7.23.2. It was possible to mass assign Eloquent attributes that included the model's table name: $model-fill'users.name' = 'Taylor'; When doing so, Eloquent would remove the table name from the attribute for you. This was a "convenience" feature of Eloquent...

7.1AI score
Exploits0References3Affected Software1
OSV
OSV
added 2024/05/15 10:5 p.m.11 views

GHSA-RJ3W-99GC-8J58 Laravel Risk of mass-assignment vulnerabilities

Laravel 4.1.29 improves the column quoting for all database drivers. This protects your application from some mass assignment vulnerabilities when not using the fillable property on models. If you are using the fillable property on your models to protect against mass assignment, your application ...

7.2AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/05/15 10:5 p.m.15 views

Laravel Risk of mass-assignment vulnerabilities

Laravel 4.1.29 improves the column quoting for all database drivers. This protects your application from some mass assignment vulnerabilities when not using the fillable property on models. If you are using the fillable property on your models to protect against mass assignment, your application ...

7.2AI score
Exploits0References4Affected Software1
OSV
OSV
added 2024/05/15 9:53 p.m.14 views

GHSA-CC2W-GHC5-M5QR Laravel Risk of mass-assignment vulnerabilities

Laravel 4.1.29 improves the column quoting for all database drivers. This protects your application from some mass assignment vulnerabilities when not using the fillable property on models. If you are using the fillable property on your models to protect against mass assignment, your application ...

7.2AI score
Exploits0References3
Rows per page
Query Builder