54 matches found
CVE-2023-5193 System Role with manage posts permission can read posts of Direct Messages
Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation...
CVE-2023-5193 System Role with manage posts permission can read posts of Direct Messages
Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation...
PT-2023-31901 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: Mattermost fails to properly check permissions when retrieving a post, allowing a System Role with the permission to manage channels to read the posts of a DM conversation...
CVE-2022-38286
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list...
CVE-2022-38286
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list...
Sql injection
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list...
CVE-2022-38286
CVE-2022-38286 affects JFinal CMS 5.1.0 and is exploitable via the /system/role/list endpoint, enabling SQL injection. The provided sources consistently reference this endpoint vulnerability but do not publish a confirmed fixed version in the documents. CVSSv3.1 base score is 7.2 (High) with impa...
JFinal SQL注入漏洞
JFinal is a Java-based WEB + ORM open source framework. JFinal CMS version 5.1.0 has a security vulnerability , the vulnerability stems from /system/role/list SQL injection vulnerability...
jfinal cms SQL注入漏洞
jfinal cms is a java development of powerful information consulting website , using a simple and powerful JFinal as the web framework , the template engine with beetl , database with mysql , front-end bootstrap framework . jfinal cms 5.1.0 version of a security vulnerability , the vulnerability...
Privilege escalation by backend users assigned to the default "Publisher" system role
Impact Backend users with the default "Publisher" system role have access to create & manage users where they can choose which role the new user has. This means that a user with "Publisher" access has the ability to escalate their access to "Developer" access. Patches Issue has been patched in...
GHSA-RFJC-XRMF-5VVW Privilege escalation by backend users assigned to the default "Publisher" system role
Impact Backend users with the default "Publisher" system role have access to create & manage users where they can choose which role the new user has. This means that a user with "Publisher" access has the ability to escalate their access to "Developer" access. Patches Issue has been patched in...
CVE-2020-15248 Privilege escalation by backend users assigned to the default "Publisher" system role
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.470, backend users with the default "Publisher" system role have access to create & manage users where they can choose which role the new user ha...
CVE-2019-2517
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having DBFSROLE privilege with network access via Oracle Net to compromise Core RDBMS. While the...
Cisco Prime Collaboration Provisioning Access Control Bypass Vulnerability (CNVD-2018-11307)
Cisco Prime Collaboration Provisioning PCP is a reliable and scalable Web-based provisioning solution for managing your company's critical next-generation communications services. An access control bypass vulnerability exists in the web interface of Cisco Prime Collaboration Provisioning PCP. The...