5 matches found
CVE-2026-34372
Sulu CMS vulnerability CVE-2026-34372 affects Sulu versions prior to 2.6.22 and 3.0.0 to before 3.0.5. The issue allows a user with admin permissions (via at least one role) to access sub-entities of contacts through the admin API without explicit contacts permissions. It has been fixed in versio...
CVE-2026-34372 Sulu checks fix permissions for subentities endpoints
Sulu is an open-source PHP content management system based on the Symfony framework. From versions 1.0.0 to before 2.6.22, and 3.0.0 to before 3.0.5, a user which has permission for the Sulu Admin via at least one role could have access to the sub-entities of contacts via the admin API without ev...
CVE-2026-34372 Sulu checks fix permissions for subentities endpoints
Sulu is an open-source PHP content management system based on the Symfony framework. From versions 1.0.0 to before 2.6.22, and 3.0.0 to before 3.0.5, a user which has permission for the Sulu Admin via at least one role could have access to the sub-entities of contacts via the admin API without ev...
Sulu checks fix permissions for subentities endpoints
Impact A user which has permission for the Sulu Admin via atleast one role could have access to the subentities of contacts via the admin API without even have permission for contacts. Patches The issue was patched in release 2.6.22 and 3.0.5. Workarounds Create a Symfony Request Listener checkin...
GHSA-6H7H-M7P5-HJQP Sulu checks fix permissions for subentities endpoints
Impact A user which has permission for the Sulu Admin via atleast one role could have access to the subentities of contacts via the admin API without even have permission for contacts. Patches The issue was patched in release 2.6.22 and 3.0.5. Workarounds Create a Symfony Request Listener checkin...