8 matches found

CVE
added 2026/05/21 9:18 p.m. | 11 views

CVE-2026-7886

Concrete CMS versions 9.5.0 and below are vulnerable to an IDOR in AddMessage/UpdateMessage via the attachments[] parameter. The AddMessage and UpdateMessage controllers load files by ID with $em->find(File::class, $attachmentID) without per-file permission checks (canViewFile()), enabling a u...

CVSS 4.3 | AI score 5.7 | EPSS 0.00017
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/05/21 9:18 p.m. | 3 views

CVE-2026-7886 Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments[] parameter

Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via the attachments[] parameter, which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em->find(File::class,...

CVSS 2.3 | AI score 5.7 | EPSS 0.00017
Exploits: 0 | References: 1

CNNVD
added 2026/05/21 12:00 a.m. | 4 views

Concrete CMS security vulnerability

Concrete CMS is an open-source content management system designed for teams. Concrete CMS versions 9.5.0 and earlier have a security vulnerability. This vulnerability stems from an insecure direct object reference in the attachments parameter of the AddMessage/UpdateMessage functions, which may...

CVSS 4.3 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/21 12:00 a.m. | 6 views

PT-2026-42556

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions prior to 9.5.1. Description: An Insecure Direct Object Reference (IDOR) exists in the 'AddMessage' and 'UpdateMessage' conversation controllers. These controllers accept user-supplied file attachment IDs through the attachmen...

CVSS 2.3 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 4

CVE
added 2026/01/31 6:39 a.m. | 13 views

CVE-2026-1251

CVE-2026-1251 describes an Insecure Direct Object Reference in the WordPress plugin SupportCandy – Helpdesk & Customer Support Ticket System (versions up to and including 3.4.4). The vulnerability allows an authenticated attacker with subscriber-level access or higher to steal attachments uploade...

CVSS 5.4 | AI score 6 | EPSS 0.00014
Exploits: 0 | References: 3

Vulnrichment
added 2026/01/31 6:39 a.m. | 2 views

CVE-2026-1251 SupportCandy – Helpdesk & Customer Support Ticket System <= 3.4.4 - Authenticated (Subscriber+) Insecure Direct Object Reference

The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.4 via the 'addreply' function due to missing validation on a user controlled key. This makes it possible for authenticated...

CVSS 5.4 | AI score 5.6 | EPSS 0.00014
Exploits: 0 | References: 3

CNNVD
added 2025/07/26 12:00 a.m. | 1 views

FreeScout code issue vulnerability

FreeScout is an open source helpdesk system built on the PHP Laravel framework, designed to provide users with functionality similar to Zendesk or Help Scout, but without sacrificing privacy or freedom. FreeScout suffers from a deserialization vulnerability that stems from an application that...

CVSS 8.8 | AI score 7.2 | EPSS 0.06597
Exploits: 1 | References: 3

Cvelist
added 2005/06/21 4:00 a.m. | 15 views

CVE-2002-1741

Directory traversal vulnerability in WorldClient.cgi in WorldClient for Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to delete arbitrary files via a ".." (dot dot) in the Attachments parameter...

AI score 6.4 | EPSS 0.00112
Exploits: 1 | References: 3