3 matches found
EUVD-2025-198305
SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with usermanageteam role are allowed to modify permissions of users. However, they are able to assign administrative permissions to any user including themselves. This allow a malicious authenticated attacker with this...
Q-Free MAXTIME Suite 访问控制错误漏洞
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An access control error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a lack of authentication for critical functions in maxprofile/menu/routes.lua. An...
PT-2025-7136 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: A missing authentication issue for a critical function in maxprofile/menu/routes.lua allows an unauthenticated remote attacker to edit user permissions via crafted HTTP requests...