4 matches found
Duplicate Advisory: OpenClaw: /pair approve command path omitted caller scope subsetting and reopened device pairing escalation
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-hc5h-pmr3-3497. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails ...
CVE-2026-28473
OpenClaw versions prior to 2026.2.2 contain an authorization bypass vulnerability where clients with operator.write scope can approve or deny exec approval requests by sending the /approve chat command. The /approve command path invokes exec.approval.resolve through an internal privileged gateway...
CVE-2025-4457
A vulnerability classified as critical was found in Project Worlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/approve.php. The manipulation of the argument ID leads to SQL injection. The attack can be launched remotely. The exploit has be...
PT-2025-4083 · Code Projects · Code-Projects Simple Plugins Car Rental Management
Name of the Vulnerable Software and Affected Versions: code-projects Simple Plugins Car Rental Management version 1.0. Description: A critical issue has been found in the file "/admin/approve.php", where the manipulation of the id argument leads to SQL injection. The attack can be launched remotel...