WP Cerber < 8.9.3 - Broken Access Control

WP Cerber 8.9.3 contains a bypass of /wp-json access control caused by improper handling of trailing '?' character, letting unauthorized users access protected REST API endpoints, exploit requires sending a request with a trailing '?'. id: CVE-2021-37598 info: name: WP Cerber 8.9.3 - Broken Acces...

PT-2021-21730

Name of the Vulnerable Software and Affected Versions WP Cerber versions prior to 8.9.3 Description The issue allows bypass of /wp-json access control via a trailing ? character. Recommendations For versions prior to 8.9.3, update to version 8.9.3 or later to resolve the issue. As a temporary...

CVE-2012-1464

Dashboard Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the installation path via a request with a trailing "?" character, which causes Dashboard to attempt to access a non-existent resource. NOTE: some of these details are obtained from third party informatio...