Lucene search
K

5 matches found

CVE
CVE
added 2026/03/31 8:19 p.m.17 views

CVE-2026-34372

Sulu CMS vulnerability CVE-2026-34372 affects Sulu versions prior to 2.6.22 and 3.0.0 to before 3.0.5. The issue allows a user with admin permissions (via at least one role) to access sub-entities of contacts through the admin API without explicit contacts permissions. It has been fixed in versio...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/31 8:19 p.m.23 views

CVE-2026-34372 Sulu checks fix permissions for subentities endpoints

Sulu is an open-source PHP content management system based on the Symfony framework. From versions 1.0.0 to before 2.6.22, and 3.0.0 to before 3.0.5, a user which has permission for the Sulu Admin via at least one role could have access to the sub-entities of contacts via the admin API without ev...

5.3CVSS0.00258EPSS
Exploits0References3
OSV
OSV
added 2026/03/31 8:19 p.m.8 views

CVE-2026-34372 Sulu checks fix permissions for subentities endpoints

Sulu is an open-source PHP content management system based on the Symfony framework. From versions 1.0.0 to before 2.6.22, and 3.0.0 to before 3.0.5, a user which has permission for the Sulu Admin via at least one role could have access to the sub-entities of contacts via the admin API without ev...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/30 6:4 p.m.4 views

Sulu checks fix permissions for subentities endpoints

Impact A user which has permission for the Sulu Admin via atleast one role could have access to the subentities of contacts via the admin API without even have permission for contacts. Patches The issue was patched in release 2.6.22 and 3.0.5. Workarounds Create a Symfony Request Listener checkin...

5.3CVSS5.9AI score0.00258EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/30 6:4 p.m.4 views

GHSA-6H7H-M7P5-HJQP Sulu checks fix permissions for subentities endpoints

Impact A user which has permission for the Sulu Admin via atleast one role could have access to the subentities of contacts via the admin API without even have permission for contacts. Patches The issue was patched in release 2.6.22 and 3.0.5. Workarounds Create a Symfony Request Listener checkin...

5.3CVSS5.9AI score0.00258EPSS
Exploits0References5
Rows per page
Query Builder