2 matches found
PT-2022-28106 · Unknown · Usememos/Memos
Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.1 Description: The issue concerns the incorrect use of privileged APIs in the usememos/memos GitHub repository. A user can archive any private memos, delete any shortcut, and edit any shortcut from other...
Archive any private memos + Delete any Shortcut + Edit any Shortcut from other users
Description User can archive any private memos, Delete any Shortcut and Edit any Shortcut from other users via api PATCH /api/memo/8 HTTP/1.1 "id":8,"rowStatus":"ARCHIVED" PATCH /api/shortcut/2 HTTP/1.1 "id":2,"title":"shortahihix","payload":"" DELETE /api/shortcut/2 Proof of Concept Login to...