11 matches found
Exploit for CVE-2026-46645
CVE-2026-46645 - SQLAdmin ajaxlookup Authorization Bypass...
EUVD-2026-36168
SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajaxlookup endpoint in application.py bypasses the isaccessible access control check that all other endpoints enforce. If a developer restricts model access by overriding isaccessible, an authenticated user...
CVE-2026-46645
SQLAdmin (for SQLAlchemy) contains an authorization bypass in the ajax_lookup endpoint prior to version 0.25.1, where is_accessible() is bypassed, allowing an authenticated user to query a model’s data despite access restrictions. The issue affects ajax_lookup specifically and was mitigated by pa...
CVE-2026-46645 SQLAdmin: Authorization Bypass on `ajax_lookup`
SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajaxlookup endpoint in application.py bypasses the isaccessible access control check that all other endpoints enforce. If a developer restricts model access by overriding isaccessible, an authenticated user...
CVE-2026-46645 SQLAdmin: Authorization Bypass on `ajax_lookup`
SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajaxlookup endpoint in application.py bypasses the isaccessible access control check that all other endpoints enforce. If a developer restricts model access by overriding isaccessible, an authenticated user...
CVE-2026-46645 SQLAdmin: Authorization Bypass on `ajax_lookup`
SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajaxlookup endpoint in application.py bypasses the isaccessible access control check that all other endpoints enforce. If a developer restricts model access by overriding isaccessible, an authenticated user...
SQLAlchemy Admin 安全漏洞
SQLAlchemy Admin is an open-source SQLAlchemy model management interface tool developed by Smithy HQ. Versions of SQLAlchemy Admin prior to 0.25.1 contained a security vulnerability. This vulnerability stemmed from the ajaxlookup endpoint in the application.py file, which bypassed the isaccessibl...
Missing Authorization
Overview sqladmin is a SQLAlchemy admin for FastAPI and Starlette Affected versions of this package are vulnerable to Missing Authorization in the ajaxlookup endpoint due to missing enforcement of access control checks. An attacker can access restricted model data by sending requests to the...
GHSA-54MC-GGHV-4CFJ SQLAdmin: Authorization Bypass on `ajax_lookup`
Impact The ajaxlookup endpoint in application.py bypasses the isaccessible access control check that all other endpoints enforce. If a developer restricts model access by overriding isaccessible, an authenticated user can still query that model's data through the ajaxlookup endpoint — silently...
PT-2026-42694
Name of the Vulnerable Software and Affected Versions SQLAdmin versions prior to 0.25.1 Description The ajax lookup endpoint in application.py bypasses the is accessible access control check enforced by other endpoints. If a developer restricts model access by overriding is accessible, an...
Dell KACE System Management Appliance (SMA) XSS / SQL Injection
Exploit Title: Dell Kace Appliance Multiple Vulnerabilities Date: 12/04/2018 Exploit Author: SlidingWindow, Twitter: @kapilkhot Vendor Homepage: https://www.quest.com/products/kace-systems-management-appliance/ Affected Versions: KACE SMA versions prior to 9.0.270 PATCH SEC201820180410 Tested on:...