5 matches found
EUVD-2026-35194
WACRM prior to commit 73041bf contains an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants by supplying an arbitrary caller-controlled contactid in the POST request body without tenant ownership...
CVE-2026-49141
WACRM vulnerability CVE-2026-49141: auth bypass in the automation engine allows an authenticated attacker to access/modify contacts of other tenants by sending a caller-controlled contact_id in a POST body, bypassing tenant ownership verification. Exploitation occurs via the service-role client t...
CVE-2024-45265
creationtimestamp| type| source
---|---|---
2024-08-26 11:26:08+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/8369
2024-08-26 21:20:18+00:00| seen| https://t.me/cvedetector/4191...
CVE-2017-1002005
Vulnerability in WordPress plugin DTracker v1.5. In file ./dtracker/delete.php, user input supplied via the contactid variable isn't sanitized before being added to the end of an SQL query...
CVE-2010-5008
SQL injection vulnerability in pages/contactlistmailform.asp in BrightSuite Groupware 5.4 allows remote attackers to execute arbitrary SQL commands via the ContactID parameter...