9 matches found
CVE-2024-50672
A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool = 0.11.3 allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature. The vulnerability occurs due to insufficient validation of user input, which is used as a query in...
CVE-2024-50671
Incorrect access control in Adapt Learning Adapt Authoring Tool = 0.11.3 allows attackers with Authenticated User roles to obtain email addresses via the "Get users" feature. The vulnerability occurs due to a flaw in permission verification logic, where the wildcard character in permitted URLs...
CVE-2024-50671
Incorrect access control in Adapt Learning Adapt Authoring Tool = 0.11.3 allows attackers with Authenticated User roles to obtain email addresses via the "Get users" feature. The vulnerability occurs due to a flaw in permission verification logic, where the wildcard character in permitted URLs...
CVE-2024-50672
A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool = 0.11.3 allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature. The vulnerability occurs due to insufficient validation of user input, which is used as a query in...
CVE-2024-50672
Summary: CVE-2024-50672 affects Adapt Learning Adapt Authoring Tool versions <= 0.11.3. A NoSQL injection flaw arises from insufficient input validation, where attacker-controlled input is used in a Mongoose find() query. This can allow unauthenticated users to reset passwords for regular and ...
CVE-2024-50672
A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool = 0.11.3 allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature. The vulnerability occurs due to insufficient validation of user input, which is used as a query in...
PT-2024-34388 · Adapt Learning +1 · Adapt Learning Adapt Authoring Tool +1
Name of the Vulnerable Software and Affected Versions: Adapt Learning Adapt Authoring Tool versions = 0.11.3 Description: A NoSQL injection issue allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature. This occurs due to insufficient...
CVE-2024-50671
Incorrect access control in Adapt Learning Adapt Authoring Tool = 0.11.3 allows attackers with Authenticated User roles to obtain email addresses via the "Get users" feature. The vulnerability occurs due to a flaw in permission verification logic, where the wildcard character in permitted URLs...
CVE-2024-50671
CVE-2024-50671 concerns Adapt Learning’s Adapt Authoring Tool (versions