Lucene search
K

7 matches found

Veracode
Veracode
added 2025/09/15 5:19 a.m.6 views

Improper Access Control

unopim/unopim is vulnerable to Improper Access Control. The vulnerability is due to insufficient privilege enforcement on the mass-delete endpoint, which allows an attacker without "Delete" permissions to bypass restrictions and delete products...

8.1CVSS6.8AI score0.00387EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/08/22 4:49 p.m.9 views

UnoPim has Broken Access Control

Summary In Unopim, it is possible to create roles and choose the privileges. However, users without the “Delete” privilege for Products cannot delete a single product via the standard endpoint expected behavior, but can still delete products via the mass-delete endpoint, even when the request...

8.1CVSS6.5AI score0.00387EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2025/08/22 4:4 p.m.30 views

CVE-2025-55741

UnoPim is a Laravel-based open-source PIM. In versions

8.1CVSS6.4AI score0.00387EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/08/22 4:4 p.m.10 views

CVE-2025-55741 unopim/unopim allows unauthorized product deletion via mass-delete endpoint

UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intend...

8.1CVSS0.00387EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/08/22 4:4 p.m.3 views

CVE-2025-55741 unopim/unopim allows unauthorized product deletion via mass-delete endpoint

UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intend...

8.1CVSS6.4AI score0.00387EPSS
Exploits1References3
OSV
OSV
added 2025/08/22 4:4 p.m.6 views

CVE-2025-55741 unopim/unopim allows unauthorized product deletion via mass-delete endpoint

UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intend...

8.1CVSS6.5AI score0.00387EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/08/22 12:0 a.m.11 views

PT-2025-34443 · Unopim +1 · Unopim +1

Name of the Vulnerable Software and Affected Versions: UnoPim versions 0.3.0 and earlier Description: UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. Users lacking the necessary Delete privilege for products can bypass access controls by submitti...

8.1CVSS6.5AI score0.00387EPSS
Exploits1References12
Rows per page
Query Builder