6 matches found
GHSA-8G2P-PQM3-FCFH praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members
Summary Type: Privilege escalation / cross-tenant member injection. The POST /workspaces/workspaceid/members endpoint is gated only by requireworkspacememberworkspaceid default minrole="member" and forwards the request body's userid and role straight into MemberService.addworkspaceid, userid, rol...
CVE-2025-9472
A vulnerability was found in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /ownerutility/addownerutility.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public...
CVE-2025-9472 itsourcecode Apartment Management System add_owner_utility.php sql injection
A vulnerability was found in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /ownerutility/addownerutility.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public...
CVE-2025-9472 itsourcecode Apartment Management System add_owner_utility.php sql injection
A vulnerability was found in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /ownerutility/addownerutility.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public...
PT-2025-34739
Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A SQL injection issue exists due to the manipulation of the ID argument in the processing of the /owner utility/add owner utility.php file. This can be exploited remotely. The...
CVE-2025-9418 itsourcecode Apartment Management System addowner.php sql injection
A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /owner/addowner.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed...