Lucene search
K

99 matches found

OSV
OSV
added 2024/05/15 6:15 a.m.2 views

CVE-2024-3748

The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the userid to make it appear that a file was uploaded by another user...

6.5CVSS5.8AI score0.00434EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/05/15 6:0 a.m.31 views

CVE-2024-3748 SP Project & Document Manager <= 4.71 - Data Update via IDOR

The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the userid to make it appear that a file was uploaded by another user...

6.6AI score0.00434EPSS
Exploits2References1
CVE
CVE
added 2024/05/15 6:0 a.m.73 views

CVE-2024-3748

CVE-2024-3748 affects the SP Project & Document Manager WordPress plugin (versions ≤ 4.71). The issue is an IDOR in the upload function where an attacker can manipulate the user_id to make a file appear uploaded by another user, enabling potential unauthorized access or attribution. Connected sou...

6.5CVSS6.6AI score0.00434EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2024/05/15 6:0 a.m.22 views

CVE-2024-3749 SP Project & Document Manager <= 4.71 - Subscriber+ File Download via IDOR

The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user...

6.5AI score0.00523EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/05/15 6:0 a.m.12 views

CVE-2024-3748 SP Project & Document Manager <= 4.71 - Data Update via IDOR

The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the userid to make it appear that a file was uploaded by another user...

6.7AI score0.00434EPSS
Exploits2References1
Patchstack
Patchstack
added 2024/05/15 12:0 a.m.14 views

WordPress SP Project & Document Manager Plugin <= 4.71 is vulnerable to Insecure Direct Object References (IDOR)

Software SP Project & Document Manager Type Plugin Vulnerable versions = 4.71 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-3748 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 1c7d92437a35 Credits...

6.5CVSS6.5AI score0.00434EPSS
Exploits2References2Affected Software1
NVD
NVD
added 2024/05/14 2:48 p.m.17 views

CVE-2024-1693

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdmsavecategory AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level acce...

4.3CVSS4.8AI score0.0042EPSS
Exploits0References2
CVE
CVE
added 2024/05/09 8:3 p.m.30 views

CVE-2024-1693

The CVE-2024-1693 vulnerability affects the SP Project & Document Manager WordPress plugin. It arises from a missing capability check on the cdm_save_category AJAX action, enabling authenticated users with subscriber-level access and higher to rename arbitrary folders they do not own. Affected ve...

4.3CVSS6.4AI score0.0042EPSS
Exploits0References2
NVD
NVD
added 2024/05/03 9:15 a.m.17 views

CVE-2024-33923

Missing Authorization vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.69...

6.3CVSS6.7AI score0.00353EPSS
Exploits0References1
CVE
CVE
added 2024/05/03 8:24 a.m.72 views

CVE-2024-33923

CVE-2024-33923 affects the SP Project & Document Manager (WordPress plugin) and is due to Missing Authorization in the plugin. The vulnerability affects SP Project & Document Manager versions from n/a up to 4.69. Reported CVSS 3.1 base metrics indicate Network access (AV:N), low attack complexity...

6.3CVSS5.2AI score0.00353EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/03 8:24 a.m.18 views

CVE-2024-33923 WordPress SP Project & Document Manager plugin <= 4.69 - Broken Access Control vulnerability

Missing Authorization vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.69...

6.3CVSS6.9AI score0.00353EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/04/29 12:0 a.m.9 views

WordPress SP Project & Document Manager Plugin <= 4.69 is vulnerable to Broken Access Control

Software SP Project & Document Manager Type Plugin Vulnerable versions = 4.69 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33923 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 4ab90a9cecb9 Credits Abdi Pranata...

6.3CVSS6.5AI score0.00353EPSS
Exploits0References1Affected Software1
wpexploit
wpexploit
added 2024/04/24 12:0 a.m.140 views

SP Project & Document Manager <= 4.71 - Data Update via IDOR

Description The plugin is missing validation in its upload function, allowing a user to manipulate the userid to make it appear that a file was uploaded by another user 1. Select to upload a file through the plugin 2. Intercept the request: Example: ------WebKitFormBoundaryX4YnPgSA4oPHlNjv...

6.7AI score0.00434EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/24 12:0 a.m.155 views

SP Project & Document Manager <= 4.71 - Subscriber+ File Download via IDOR

Description The plugin lacks proper access controllers and allows a logged in user to view and download files belonging to another user As a logged in user, send a GET request: GET /wp-admin/admin-ajax.php?action=cdmfilelist&uid=3CHANGE HERE&pid=0CHANGE HERE&search=&=1708406394720 You can view...

6.6AI score0.00523EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.18 views

SP Project & Document Manager <= 4.71 - Data Update via IDOR

Description The plugin is missing validation in its upload function, allowing a user to manipulate the userid to make it appear that a file was uploaded by another user PoC 1. Select to upload a file through the plugin 2. Intercept the request: Example: ------WebKitFormBoundaryX4YnPgSA4oPHlNjv...

6.4AI score0.00434EPSS
Exploits2
NVD
NVD
added 2024/04/18 11:15 a.m.25 views

CVE-2024-32551

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.71...

7.6CVSS7.9AI score0.00486EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/18 10:27 a.m.24 views

CVE-2024-32551 WordPress SP Project & Document Manage plugin <= 4.71 - Auth. SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.71...

7.6CVSS5.5AI score0.00486EPSS
Exploits0References1
CVE
CVE
added 2024/04/18 10:27 a.m.71 views

CVE-2024-32551

CVE-2024-32551 is a SQL Injection vulnerability in SP Project & Document Manager for WordPress (affecting versions from n/a through 4.71). The issue stems from improper neutralization of SQL elements in the plugin’s SP Project & Document Manager component, enabling an attacker with HIGH privilege...

7.6CVSS5.5AI score0.00486EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/18 10:27 a.m.27 views

CVE-2024-32551 WordPress SP Project & Document Manage plugin <= 4.71 - Auth. SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.71...

7.6CVSS8.1AI score0.00486EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/04/16 12:0 a.m.9 views

WordPress SP Project & Document Manager Plugin <= 4.71 is vulnerable to SQL Injection

Software SP Project & Document Manager Type Plugin Vulnerable versions = 4.71 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32551 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 4e8128ffc035 Credits CatFather Required privilege Author...

7.6CVSS6.8AI score0.00486EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder