97 matches found
CVE-2026-31070
The LalanaChami Pharmacy Management System commit 5c3d028 allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body...
CVE-2026-31070
The LalanaChami Pharmacy Management System commit 5c3d028 allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body...
PT-2026-41943
Name of the Vulnerable Software and Affected Versions LalanaChami Pharmacy Management System version 5c3d028 Description Unauthenticated remote attackers can escalate privileges by self-assigning an administrative role during the registration process. This occurs because the '/api/user/signup'...
CVE-2026-39327 ChurchCRM has a SQL injection in MemberRoleChange.php
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users with the role Manage Groups & Roles ManageGroups can inject arbitrary SQL statements through the NewRole...
CVE-2026-35567
...
WordPress App Builder - Create Native Android & iOS Apps On The Flight plugin <= 5.5.10 - Unauthenticated Limited Privilege Escalation via 'role' Parameter vulnerability
WordPress App Builder - Create Native Android & iOS Apps On The Flight plugin = 5.5.10 - Unauthenticated Limited Privilege Escalation via 'role' Parameter vulnerability discovered by Gibran Abdillah in WordPress Plugin App Builder versions = 5.5.10...
CVE-2026-2375 App Builder – Create Native Android & iOS Apps On The Flight <= 5.5.10 - Unauthenticated Privilege Escalation via 'role' Parameter
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 5.5.10. This is due to the verifyrole function in AuthTrails.php explicitly whitelisting the wcfmvendor role alongside subscriber and...
CVE-2026-29056 Kanboard's privilege escalation via mass assignment in user invite registration allows any invited user to become admin
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registration endpoint UserInviteController::register accepts all POST parameters and passes them to UserModel::create without filtering out the role field. An attacker who receives an...
CVE-2026-31874 Taskosaur Improper Role Assignment via Parameter Manipulation in User Registration
Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign...
CVE-2026-31874
Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign...
EUVD-2026-11284
Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign...
Taskosaur 安全漏洞
Taskosaur is an open-source project management platform that integrates conversational AI. Version 1.0.0 of Taskosaur contains a security vulnerability; this vulnerability arises from incorrect validation of role parameters during the user registration process, which may lead to unauthorized...
PT-2026-24782
Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign...
CVE-2025-12981
The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the userrole parameter. This makes it possible...
CVE-2025-12981 Listee <= 1.1.6 - Unauthenticated Privilege Escalation
The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the userrole parameter. This makes it possible...
CVE-2025-12981
The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the userrole parameter. This makes it possible...
CVE-2025-69564
code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExAddNewUser.php via the Name, Address, email, UserName, Password, confirmpassword, Role, Branch, and Activate parameters...
CVE-2021-33223
An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file...
CVE-2023-4404
The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'updatecoreuser' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the...
CVE-2023-4293
The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.7.4 due to insufficient restriction on the 'wpdmppupdateprofile' function. This makes it possible for authenticated attackers, with minimal...