CVE-2026-28781 Craft Affected by Entries Authorship Spoofing via Mass Assignment

Craft is a content management system CMS. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend...

CVE-2026-28781

CVE-2026-28781 affects Craft CMS. Before versions 4.17.0-beta.1 and 5.9.0-beta.1, an entry creation flow permits Mass Assignment of the authorId attribute. A user with Create Entries permission can inject the parameters authorIds[] or authorId into a POST request, which the backend may process wi...

GHSA-2XFC-G69J-X2MP Craft CMS: Entries Authorship Spoofing via Mass Assignment

Description The entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend processes without verifying if the current user is authorized to assign...

PT-2026-22950

Name of the Vulnerable Software and Affected Versions Craft versions prior to 4.17.0-beta.1 Craft versions prior to 5.9.0-beta.1 Description The entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorI...

EUVD-2026-5705

WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier...

CVE-2026-25567

WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier...

CVE-2026-25567

WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier...

CVE-2026-25567 WeKan < 8.19 Card Comment Author Spoofing via User-controlled authorId

WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier...

CVE-2026-25567

WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier...

WeKan 安全漏洞

WeKan is a Kanban application from WeKan open source. WeKan suffers from a security vulnerability that can be exploited by an attacker to spoof the author of a recorded comment by providing another user's identifier...

EUVD-2013-4226

Malware in sbrugna...

subversion: (mod_dav_svn) spoofing svn:author property values for new revisions

It was found that the moddavsvn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property...

subversion: (mod_dav_svn) spoofing svn:author property values for new revisions

It was found that the moddavsvn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property...

Apache Subversion mod_dav_svn server new revision svn:author attribute value spoofing vulnerability

Subversion is an open source multi-user version control system that supports non-ASCII text and binary data. The Subversion moddavsvn server allows arbitrary setting of the svn:author attribute value when submitting new revisions. This allows an attacker to use a carefully constructed sequence of...