2 matches found
HackerOne: Attachment object in GraphQL continues to grant access to files, even if they are removed from rendering
Summary: Hi team, Our team noticed that youprogram can attach files to the policy page. These files can be anything, images, text, archive, etc.In other words, these files may or may not contain sensitive information. Our team believes that the data that can be attached in different vectors is hi...
Bluethrust Clan Scripts v4 R17 - Multiple Vulnerabilities
Exploit for php platform in category web applications Administrator optionsModify Current Theme" or use site.com/members/console.php?cID=61. You can then insert the PHP code of your choosing into Footer. In order to add or edit code you are required to provide a special Admin Key that was defined...