2 matches found
Access Control Bypass
Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Access Control Bypass via the app/Http/Controllers/Api/UploadedFilesController.php component. An attacker can gain unauthorized access and potentially execute arbitrary code...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the PropertyName directive in XML Filter Query processing. An attacker can manipulate backend database queries by injecting specially crafted input containing double quote characters. Remediation Upgrade mapserver to...