Lucene search
K

6 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/19 12:29 a.m.7 views

CVE-2026-33052

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "addprofilethreshold" permission to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a...

5.3CVSS5.7AI score0.0034EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/19 12:29 a.m.19 views

CVE-2026-33052

MantisBT (MantisBT) versions 2.28.0 and 2.28.1 permit a low-privileged authenticated user with add_profile_threshold to create a global profile by tampering with the user_id in a profile-creation request, enabling an authorization bypass. The issue is fixed in version 2.28.2. Affected component: ...

5.3CVSS5.7AI score0.0034EPSS
Exploits0References3
OSV
OSV
added 2026/05/11 5:58 p.m.7 views

GHSA-68W5-W573-Q2R8 MantisBT Has Authorization Bypass in Global Profile Creation

MantisBT allows a low-privileged authenticated user having addprofilethreshold to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a valid profile creation request. Impact Authentication bypass Patches -...

5.3CVSS5.8AI score0.0034EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/12 1:4 a.m.13 views

CVE-2024-50619

Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to escalate their access levels. A low-privileged authenticated user can gain access to other people's accounts by tampering with the client's user id to change their account...

8.8CVSS5.5AI score0.00232EPSS
Exploits0References1
OSV
OSV
added 2026/02/11 10:15 p.m.9 views

CVE-2024-50619

Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to escalate their access levels. A low-privileged authenticated user can gain access to other people's accounts by tampering with the client's user id to change their account...

8.8CVSS5.8AI score0.00232EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/01/04 12:0 a.m.4 views

Rock RMS Security Vulnerability

Rock RMS is a church management system. Versions of Rock RMS prior to 8.6 have a security vulnerability. An attacker could easily take over an account by tampering with the user id parameter in the profile update. Due to the lack of authentication and the use of consecutive user ids, any user can...

9.8CVSS5.8AI score0.0168EPSS
Exploits1References2
Rows per page
Query Builder