4 matches found
ABB Cylon Aspect 3.08.01 File Upload MD5 Checksum Bypass
ABB Cylon Aspect 3.08.01 badassMode File Upload MD5 Checksum Bypass Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy managemen...
CVE-2024-5860
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tcdldeletetickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2024-5860 Tickera <= 3.5.2.8 - Missing Authorization to Authenticated (Susbcriber+) Ticket Deletion
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tcdldeletetickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress Tickera Plugin <= 3.5.2.8 is vulnerable to Broken Access Control
Software Tickera Type Plugin Vulnerable versions = 3.5.2.8 Fixed in 3.5.2.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5860 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 94f597cb32e8 Credits Lucio Sá Required privilege...