7 matches found
Improper Access Control
unopim/unopim is vulnerable to Improper Access Control. The vulnerability is due to insufficient privilege enforcement on the mass-delete endpoint, which allows an attacker without "Delete" permissions to bypass restrictions and delete products...
UnoPim has Broken Access Control
Summary In Unopim, it is possible to create roles and choose the privileges. However, users without the “Delete” privilege for Products cannot delete a single product via the standard endpoint expected behavior, but can still delete products via the mass-delete endpoint, even when the request...
CVE-2025-55741
UnoPim is a Laravel-based open-source PIM. In versions
CVE-2025-55741 unopim/unopim allows unauthorized product deletion via mass-delete endpoint
UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intend...
CVE-2025-55741 unopim/unopim allows unauthorized product deletion via mass-delete endpoint
UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intend...
CVE-2025-55741 unopim/unopim allows unauthorized product deletion via mass-delete endpoint
UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intend...
PT-2025-34443 · Unopim +1 · Unopim +1
Name of the Vulnerable Software and Affected Versions: UnoPim versions 0.3.0 and earlier Description: UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. Users lacking the necessary Delete privilege for products can bypass access controls by submitti...