2 matches found
CVE-2023-22452 Improper Input Validation in kenny2automate
kenny2automate is a Discord bot. In the web interface for server settings, form elements were generated with Discord channel IDs as part of input names. Prior to commit a947d7c, no validation was performed to ensure that the channel IDs submitted actually belonged to the server being configured...
CVE-2023-22452
CVE-2023-22452 affects the Discord bot kenny2automate . The vulnerability is in the web interface for server settings where input names embedded Discord channel IDs, with no validation to confirm the IDs belong to the target server before commit a947d7c. This enables an attacker who has access to...