Lucene search
K

6 matches found

OSV
OSV
added 2026/06/01 2:23 p.m.8 views

GHSA-8G2P-PQM3-FCFH praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members

Summary Type: Privilege escalation / cross-tenant member injection. The POST /workspaces/workspaceid/members endpoint is gated only by requireworkspacememberworkspaceid default minrole="member" and forwards the request body's userid and role straight into MemberService.addworkspaceid, userid, rol...

9.6CVSS5.8AI score0.00031EPSS
Exploits0References2
OSV
OSV
added 2025/08/26 5:15 a.m.3 views

CVE-2025-9472

A vulnerability was found in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /ownerutility/addownerutility.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public...

9.8CVSS5.8AI score0.00387EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/08/26 4:32 a.m.11 views

CVE-2025-9472 itsourcecode Apartment Management System add_owner_utility.php sql injection

A vulnerability was found in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /ownerutility/addownerutility.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public...

7.5CVSS0.00387EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/08/26 4:32 a.m.4 views

CVE-2025-9472 itsourcecode Apartment Management System add_owner_utility.php sql injection

A vulnerability was found in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /ownerutility/addownerutility.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public...

7.5CVSS7.7AI score0.00387EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/08/26 12:0 a.m.5 views

PT-2025-34739

Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A SQL injection issue exists due to the manipulation of the ID argument in the processing of the /owner utility/add owner utility.php file. This can be exploited remotely. The...

7.5CVSS7.4AI score0.00387EPSS
Exploits1References11
Cvelist
Cvelist
added 2025/08/25 8:32 p.m.9 views

CVE-2025-9418 itsourcecode Apartment Management System addowner.php sql injection

A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /owner/addowner.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed...

7.5CVSS0.00505EPSS
Exploits1References5
Rows per page
Query Builder